Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Warns Ransomware Attack Could Disrupt Food Supply Chain

Ransomware attack on U.S. farm incurred $9 million in losses

Ransomware attack on U.S. farm incurred $9 million in losses

The Federal Bureau of Investigation (FBI) has sent out a Private Industry Notification to warn organizations in the Food and Agriculture sector about an increase in ransomware attacks that could and impact the food supply chain.

The increased reliance on smart technologies, Internet-connected (IoT) devices, and industrial control systems exposes the sector to various types of cyberattacks that may lead to disrupted operations, affecting the entire food supply chain.

All types of businesses in the sector are at risk, the FBI says, including farms, processors, manufacturers, markets, and restaurants. Ransomware attacks are often complemented by the theft of data, which is then used as leverage to extort victims.

“Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack,” the FBI’s notification says.

Some high-profile attacks this year have shown just how disruptive ransomware can be. The Kaseya attack forced one of Sweden’s leading supermarket chains to close hundreds of stores for days. Meat processing giant JBS had to suspend operations as well, just as Colonial Pipeline and Molson Coors did.

Other similar attacks did not get as much attention as those incidents did. A U.S. bakery, the FBI said, was forced to suspend operations for a week after REvil ransomware “was deployed through software used by an IT support managed service provider (MSP).”

In January 2021, the Bureau also revealed, a U.S. farm fell victim to a ransomware attack that incurred losses of roughly $9 million, as all farming operations were temporarily suspended. Using compromised credentials, the attackers gained administrator level to the farm’s internal systems.

The FBI recommends that all organizations keep their data backed up at all times, that they employe network segmentation and two-factor authentication, that they keep systems and applications updated, implement recovery plans, use strong passwords, disable remote access if not used, perform network audits, and install and regularly update anti-malware software.

Related: CISA, FBI Warn of Increase in Ransomware Attacks on Holidays

Related: FBI Shares Details on “OnePercent Group” Ransomware Operators

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...