The agriculture industry spans a diverse range of businesses from growing crops, raising animals, and harvesting fish and other animals from a farm, ranch, or their natural habitats. Given the critical need to feed a growing global population, agricultural firms are a significant target for ransomware attacks.

Whether by disrupting food production or interfering with a time-sensitive distribution supply chain, threat actors believe ransomware can result in large payouts in the agriculture sector. This article looks at the state of ransomware in agriculture and highlights some recent attacks.

Ransomware in Agriculture Overview

Agriculture, food and related industries contributed $1.1 Trillion to the US GDP in 2019, a 5.2% share. The threat has become so significant that the FBI just released a warning to agriculture companies to be on the lookout for ransomware attacks and to take steps now to help prevent them.

Ransomware Incidents in Agriculture

HP Hood Dairy, March 2022

HP Hood Dairy is best known as the owner of the Lactaid brand of lactose-free milk.  Reports suggest that a ransomware attack hit the company in March 2022.  While details of the attack are scarce, the victim did state that they took all of their production facilities offline "out of an abundance of caution."  It isn't known if any sensitive data was stolen, but the production shutdown resulted in a nationwide shortage of the Lactaid product for a number of weeks.

JBS, June 2021

Based in Brazil, JBS is the world’s largest meat processor and has a large number of facilities in the US. The attack resulted in all nine US-based facilities being shut down, as their IT systems were incapable of operating due to the ransomware. The downstream effects of the shutdown were devastating to downstream customers like grocery stores and restaurants, who were themselves struggling to re-open after COVID shutdowns.

JBS leadership decided to pay an $11M ransom in order to restore operations. Fortunately, the criminals at the REvil ransomware gang upheld their end of the bargain and provided the necessary decryption keys.

Unidentified US farm, January 2021

An unidentified farm in the US was hit with a ransomware attack in early 2021 after threat actors were able to get into the farm’s internal network by using a set of stolen admin credentials. The FBI reported that the farm paid a $9 million ransom in order to be able to restart their operations.

Unidentified US-based international food & agriculture business, December 2020

A ransomware group known as the OnePercent Group was successful in deploying a ransomware attack against a US-based agricultural company. The group is notorious for deploying Cobalt Strike ransomware after compromising user credentials as part of a phishing attack. After exfiltrating the customer’s data and encrypting the company’s databases, the OnePercent Group demanded a $40 million ransom be paid. Fortunately, the company had a solid backup and recovery plan in place and were able to restore the stolen data without having to pay the ransom.

Thwarting Ransomware Attacks in Agriculture

From operational disruptions to stealing sensitive data, the recent ransomware attacks in the agriculture industry highlight the risks for all businesses in this industry. Stopping ransomware in its tracks helps to avoid costly recovery and containment measures. Here are some actions media and entertainment companies can take today to thwart ransomware attacks.

Use Anti-Phishing Defenses

Phishing campaigns are a popular vector for threat actors to gain access to a company’s IT infrastructure. By impersonating trusted individuals, hackers can target employees with phony emails or social media messages that get them to disclose passwords or download malware.

Anti-phishing defenses can include the use of advanced self-learning email filters that block, flag, or quarantine suspicious emails so that they don’t reach target employees. Another anti-phishing defense is to conduct simulated phishing tests to help employees get better at recognizing phishing attacks. Simulated phishing may be particularly helpful for social media phishing.

Secure IoT devices

There has been an explosion of IoT device usage in the agriculture industry in recent years, from using drones to survey fields, using sensors to understand real-time soil conditions to putting devices on livestock to track their movements to better understand their health. IoT devices are notoriously insecure, as are the networks that connect them back to the company’s core infrastructure. It is critical that agriculture organizations employing these new technologies are working with security firms to understand, implement and monitor for security issues within the IoT deployment.

Leverage Artificial Intelligence

Artificial intelligence continues to evolve and play an increasingly important role in cybersecurity. AI can be used within several types of cybersecurity tools to detect and prevent ransomware. From email filters that leverage machine learning to intelligent user monitoring, AI can help to thwart ransomware before the dreaded encryption or data exfiltration events that cause the bulk of the damage from these attacks.

Closing Thoughts

If there is one overarching message from this article, it’s that agriculture companies need to treat ransomware as a high-risk incident that they are exposed to at all times. They must understand their risk exposure and make the necessary investments in tools and personnel to keep themselves safe from attack.

The adverse effects of a ransomware attack can be incredibly painful for both the company and its downstream customers, so it’s best to get in place the right mindset, tools, and processes to prevent ransomware before it can cause damage.

To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today.

This blog was updated in June 2022