Food & Agriculture Cyber Threats: Why Ransomware, Why Now

Written By: Josh Arsenio

Agriculture cyber attacks are becoming a common operation for ransomware gangs, and they are bearing down on companies of all sizes. JBS USA, a division of the world’s largest meat packer, was hit by ransomware in June 2021. The company paid a Bitcoin ransom equivalent to $11 million after operations in several countries ground to a halt for an entire day. Attackers have also hit smaller cooperatives, including NEW Cooperative and Crystal Valley.

Attacks against the agriculture industry are becoming so prevalent that the FBI released a Private Industry Notification warning on September 1, 2021. The FBI, along with CISA and the NSA, released another advisory on October 18, 2021 discussing the risk of BlackMatter ransomware, and that advisory also specifically mentioned activity against the food and agriculture sector.

As the Chief Financial Officer of an agriculture business, it is up to you to make sure that your company is managing this risk properly. Investing a comparatively small amount in ransomware prevention now will save your company time, money, and reputational damage in the long run.

What Is Ransomware Today?

Ransomware has traditionally involved attackers encrypting files and demanding ransom for a decryption key. This is how ransomware started. However, modern ransomware attacks are more sophisticated, and can do far more damage to your company.

Attackers still encrypt files, but they also find other ways to demand ransom from their targets. Modern attackers also break into networks, perform reconnaissance, and exfiltrate data. Instead of just being able to demand a ransom in exchange for decrypting data, they demand ransom in exchange for not dumping the data they have exfiltrated. This gives attackers a way to get a ransom even if data is backed up, since they can threaten to reveal the data. Some ransomware attackers go even further, threatening Denial of Service attacks against companies that do not respond to demands for payment or threats of a data leak.

This not only means multiple reasons for attackers to demand a ransom, but multiple ways ransomware gangs can grind your operations to a halt.

Why Are Agriculture Cyber Attacks Attractive for Ransomware Gangs?

Attackers are interested in two things. They seek targets with weaker defenses and targets with motivation to pay the ransom if they do fall victim to an attack. Many food and agriculture companies fall into both of these categories.

Many food and agriculture companies do not have in-house security teams. Especially in many small to mid-sized firms, no one on staff has the experience or expertise to design and spearhead a proactive plan to prevent ransomware.

This can happen because food industry regulations do not focus on security. Technology is required to attain other regulatory goals: consider food traceability requirements. To satisfy those, you need computer systems and Internet of Things (IoT) devices to help track food in case of a recall. But food businesses are subject to fewer data security regulations than other industries, such as finance or medicine, which store sensitive or lucrative data. Attackers take advantage of this to launch ransomware attacks against the data you do have.

Another core element that attracts attackers to agriculture businesses is the motivation for business continuity. Agriculture is a critical industry vertical: day in and day out, people around the world depend on you to keep the food supply stable. To support that goal, you have contracts and schedules for producing and distributing food. You also depend on digital data to track your fulfillment of those contracts and to satisfy regulatory requirements such as traceability while you do so.

If you are attacked by a ransomware gang, your ability to perform your critical role in the food supply falls apart. Even if your data is backed up, you may have to pause operations in order to restore from backups, hunt for indicators of compromise, or reimage machines that are suspected to be compromised. 

What Can Companies in the Food and Agriculture Industry Do Now to Prevent a Ransomware Attack?

Effective ransomware prevention begins at the top. It is not a bottom-up initiative, but rather one that must come from the board of directors. Once there is buy-in from leadership, serious steps can be taken.

Impactful steps that agriculture companies can take toward preventing ransomware include:

  • Taking an inventory of the business’s systems and data.
  • Identifying the systems and data that are most critical for the business to function.
  • Setting priorities to protect those data and systems from ransomware.
  • Working with a knowledgeable partner to help plan and build strong ransomware defenses.

Planning how to defend your business from ransomware, and continuing to adjust those plans to fit the ransomware threat as it continues and evolves, will help make sure that your company will be able to keep providing food, uninterrupted.

Where Can I Go from Here?

Ransomware is a pressing threat against the food and agriculture industry, and threat groups like BlackMatter are actively targeting food companies. With so much activity against the food and agriculture industry going on, the time to act is now. No matter what size your business is, the threat is real. Developing a plan to combat ransomware, and working with an expert who can help you design and implement that plan, can help prevent you from becoming the next target. 

Our team regularly advises enterprises across industries, including food and agriculture, who have all degrees of security in place. Speaking to a security expert can help you assess your risk and develop a plan to be prepared to resist ransomware, no matter what your current level of security maturity.

  • If you are just beginning a security program, an expert can help you determine your internet-facing exposure, simulate how an attack would affect your business, and give you guidance around protecting those internet-facing systems. 
  • If you have already begun to build a security program, an expert can help assess your existing policies, strengthen data classification schemes, assess the risk of particular systems, and provide guidance around reducing risk. 
  • If you already have a security program, including both policies and active security monitoring, an expert can help you make sure that your controls are as effective as possible against the threat landscape as it exists right now.

Speak to an expert today. Get in touch with us here.
