Ransomware targeting the food and agriculture sector is unfortunately on the rise, enough so that the FBI recently released a Private Industry Notification to alert at-risk parties to the potential dangers. In this blog we’ll look at the response of the bureau and discuss its advice on what people in the sector can do to protect themselves.
The Impact of Ransomware Attacks
The FBI began its notification by listing the dire ramifications of ransomware attacks:
- Financial loss
- Disruption of operations
- Negative effects on the supply chain
Ransomware can be targeted at anyone in the food and agriculture sector, including restaurants, large producers, and tiny farms alike. No one is immune from network vulnerabilities that can be used to steal data or render networks unusable. Whether the attacked party chooses to pay or not, these businesses suffer major losses trying to deal with the aftermath.
Why Is Food & Agriculture Being Targeted?
The FBI states that the infrastructure in this industry is becoming more of a safe bet for cybercriminals, in part because the sector has adopted more smart technologies that open doors into the network.
Criminals think that larger businesses have the resources to pay the demands without a second thought, and smaller businesses often lack the necessary updates that are needed to fend off cybercriminals. For instance, a farm services company in Iowa, NEW Cooperative Inc, recently took its systems offline to contain a security threat. A notorious criminal group known for ransomware attacks took credit for it.
Examples, Studies, and Consequences
The FBI detailed several specific examples of ransomware targeting food and agriculture:
- A bakery lost access to their services, apps, and files, which halted production and caused a shutdown for about a week.
- The network of a global meat processing company was compromised, resulting in the shutdown of some US plants and potential data loss. This ultimately caused a shortage in the meat supply and drove up wholesale prices by 25%.
- A farm lost $9 million in lost productivity after being forced to shut down after a ransomware attack.
Whether a business pays the ransom is ultimately up to them, but it’s important to know that paying doesn’t mean putting the matter behind them. In the report, the FBI referenced studies that show up to 80% of ransomware victims that paid the ransom experienced a repeat attack — either from the same criminals or a different group.
Business owners may also be asked to pay twice — once for the privilege of decryption and again to ensure the hackers don’t make the stolen information public. Regardless of the decision an owner might make, cybercriminals can go on to harass employees, contact vendors to notify them of data theft, or disrupt operations through coordinated attacks. These serious consequences might explain why the average cyber insurance payout increased 65% from 2019 to 2020.
Reducing Your Odds of a Ransomware Attack
The FBI listed a number of precautions that business owners could take in this sector:
- Back up your data and protect copies offline.
- Protect critical data by making it inaccessible to modification or deletion.
- Segment the network and design a recovery plan.
- Install updates to your OS, software, and firmware immediately.
- Prioritize the creation and changing of passwords for all accounts.
- Disable all unused remote access points and monitor used access.
Hiring a managed security service provider (MSP) and outsourcing cybersecurity can often be the smartest way for many people in the food & agriculture industry to keep up with the ongoing responsibility of protecting data. It’s clear that if criminals aren’t going to give up their ways, professionals need to have a backup plan that works.
You Might Also Enjoy These Cyber Articles
Ransomware Action Plan: Should Companies Pay Ransomware?
5 Dos and Don’ts if You’ve Been Hit with Ransomware