The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert warning of increasing ransomware attacks against the Food and Agriculture sector.
“Ransomware attacks targeting the Food and Agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants,” the FBI wrote in the advisory.
“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems.”
It is worth noting that the Food and Agriculture sector is considered part of the critical infrastructure sector. Threat actors are increasing attacks against enterprises, especially larger ones in the sector, given that they have the financial ability to pay large ransoms.
“As of 2019, sensitive data files are commonly exfiltrated prior to encryption, and the attacker demands a payment not to publish the sensitive data on a ‘name-and-shame’ website,” the FBI added.
The FBI provided multiple recent examples of targeted ransomware attacks, including:
- In May 2021, a ransomware attack hit JBS USA, the world’s largest global meat producer. The actors used a variant of the Sodinokibi/REvil ransomware.
- In December 2020, the OnePercent Group targeted a US-based international food and agriculture business, exfiltrated several terabytes of data and demanded a $40M ransom. Fortunately, the company was able to recover the data and did not pay the ransom.
- Other ransomware victims included a bakery, a beverage company and a US farm, all of which had major disruptions to their business and, in some cases, experienced millions of dollars in financial damages.
Moreover, the FBI provided mitigations and protections against ransomware attacks:
- Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement network segmentation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
- Patch systems and devices as soon as software updates are released.
- Use multifactor authentication (MFA).
- Use strong passwords or strong pass phrases where feasible.
- Regularly change passwords to user and network system accounts.
- Avoid reusing passwords across multiple accounts.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require administrator credentials to install software.
- Audit administrative account activity.
- Configure access controls with “least privilege”.
- Install and regularly update anti-virus/anti-malware software on all systems.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
- Add email warning banner (such as “external”) for incoming mail from outside your organization.
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training with emphasis on . Regularly provide users with training on emerging threats such as ransomware and phishing scams.