FBI warns of ransomware attacks on US agricultural sector

Agriculture / tractor

The US Federal Bureau of Investigation (FBI) warned food and agriculture (FA) organizations today of an increased risk that ransomware gangs are “more likely” to attack them during the harvest and planting season.

While ransomware groups regularly target the US agricultural sector, the FBI noted that the number of attacks on such entities is striking during such critical seasons.

The FBI disclosed this in a joint flash alert released Wednesday in consultation with the United States Department of Agriculture (USDA) and the Cybersecurity and Infrastructure Security Agency (DHS/CISA).

Ransomware attacks targeting agricultural cooperatives during key seasons can lead to business disruption, financial loss and a negative

impact on the US and world food supply chain.

“Ransomware attacks during these seasons target six grain co-ops during the fall 2021 harvest and two attacks in early 2022 that could affect the planting season by disrupting seed and fertilizer supplies,” the FBI said. [PDF]†

“Cyberactors may view co-ops as lucrative targets with a willingness to pay because of the time-sensitive role they play in agricultural production.”

In today’s private sector notice, the FBI highlighted several ransomware attacks on U.S. agricultural cooperatives that have resulted in financial losses and/or production impacts:

In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer and logistics services, which are critical during the spring planting season. In February 2022, a company providing feed milling and other agricultural services reported two cases where an unauthorized actor gained access to some of its systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption took place. Between September 15 and October 6, 2021, six grain cooperatives suffered from ransomware attacks. Several variants of ransomware were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had to stop production completely, while others lost administrative functions. In July 2021, a business management software company discovered malicious activity on its network, which was later identified as HelloKitty/Five Hands ransomware. The threat actor demanded a $30 million ransom. The ransomware attack on the company resulted in secondary ransomware infections at some of its customers, including several agricultural cooperatives

Ransomware hits critical infrastructure in the US

In a February joint advisory, the FBI, CISA and the NSA also highlighted an increase in ransomware incidents affecting 14 of the US’s 16 critical infrastructure sectors, including food and agriculture.

Since the beginning of the year, the FBI has issued flash warnings highlighting how several ransomware gangs, including BlackByte, Ragnar Locker and Avoslocker, have compromised dozens of critical US infrastructure.

Attackers use various methods to gain access to their victims’ networks, such as phishing, stealing or brute forcing credentials for Remote Desktop Protocols (RDP), and exploiting unpatched vulnerabilities.

Ransomware gangs also use hired cyber criminals to negotiate ransoms, help victims make payments, and settle payment disputes with other cyber criminals.

“If the criminal business model of ransomware continues to deliver financial returns for ransomware actors, ransomware incidents will become more frequent,” the consultancy said.

“Every time a ransom is paid, it confirms the viability and financial attractiveness of the criminal ransomware business model.”

This post FBI warns of ransomware attacks on US agricultural sector

was original published at “https://www.bleepingcomputer.com/news/security/fbi-warns-of-ransomware-attacks-targeting-us-agriculture-sector/”