Cyber attacks are increasingly targeting the food and agriculture industry, and the FBI wants businesses to take steps to protect themselves.
A private industry notification issued by the FBI’s cyber division Sept. 1 lists five major attacks that have occurred in the food sector since November 2020. Two attacks on grain co-ops — Iowa’s NEW Cooperative and Minnesota’s Crystal Valley — came less than a month after the FBI’s warning.
Another attack, this one on Sandhills Global, which operates online platforms for auctioning farm equipment, shut down the company’s operations on Oct. 4.
(The three companies identified in news coverage did not return requests for comment from Investigate Midwest.)
The average ransom demand doubled from 2019 to 2020, and the FBI received nearly 2,500 ransomware complaints across all sectors last year.
Ransomware is a form of malware that encrypts all of the files on a device, effectively shutting down computer systems. The attackers usually display a ransom demand on the computer screen with instructions on how to pay and, sometimes, a threat to release private information if the victim does not comply.
A high-profile ransomware attack on international meatpacking giant JBS in May forced the company to shut down operations for multiple days. Russia-based ransomware group REvil was responsible for the attack.
JBS paid an $11 million ransom to REvil in order to prevent further disruptions, according to a June 9 statement from Andre Nogueira, CEO of the company’s U.S. operations.
The next day, Rep. Carolyn Maloney, chairwoman of the House Committee on Oversight and Reform, sent a letter to Nogueira requesting information and documents related to the attack and ransom payment.
“Any ransom payment to cybercriminal actors like REvil sets a dangerous precedent that increases future risk of ransomware attacks,” Maloney wrote. “Congress needs detailed information about the attack to legislate effectively on ransomware and cybersecurity in the United States.”
According to the FBI, 50 to 80 percent of victims that pay ransom experience a repeat ransomware attack.
The food and agriculture industries are designated as a “critical infrastructure sector” by the Cybersecurity & Infrastructure Security Agency, and therefore receive higher scrutiny and more assistance from the agency.
REvil suddenly disappeared in July, but controversy erupted recently over the FBI’s withholding of a decryption key that would have helped victims recover their files.
BlackMatter, another ransomware group considered by some experts to be a successor to REvil, carried out the late September attack on NEW Cooperative. NEW Cooperative refused to pay the $5.9 million ransom demand, instead opting to take its systems offline, according to reporting by The Washington Post.
The FBI warned that all businesses, regardless of size, are potential targets.
“Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes,” the FBI notice states.
Stacey Wright, vice president of resiliency services at the Cybercrime Support Network, a nonprofit group that provides cybersecurity resources to individuals and small businesses, said ransomware attacks have been increasing in recent years and that the industries targeted have shifted over time.
Schools, local governments and hospitals have been among the most targeted organizations in recent years, and now that ransomware groups have seen potential profit from food and agriculture businesses, that sector has become a focus of attacks, Wright said.
“Ransomware is all about making money,” Wright said. “So any industry where they think there is a financial gain from targeting them is fair game.”
Wright added that attackers also tend to target systems that need to be online 24/7 because the targeted business will face more pressure to pay the ransom and get the system back immediately. With harvest season in full swing, farmers can’t afford interruptions, and ransomware groups may see that as a vulnerability.
In addition to the JBS attack, the FBI notice also mentions ransomware incidents involving a bakery, a beverage company and a farm.
President Joe Biden issued a “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems” in late July encouraging government agencies and businesses in critical industries to direct more attention to cybersecurity.
The memorandum is meant to “defend the United States’ critical infrastructure by encouraging and facilitating deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks.”
Top photo: Joshua Polson, for Investigate Midwest