Agribusiness is a target for ransomware gangs

Sheila Zabeu

September 13, 2021

Ransomware gangs are attacking food and agriculture businesses, causing financial losses and directly affecting the food supply chain, the FBI warns. The targets of these criminal groups range from small farms, markets, and restaurants to large-scale food processors and manufacturers, which suffer financial losses resulting from ransom payments, lost productivity, and remediation costs, not to mention the possible loss of sensitive data and reputational damage.

According to the FBI alert, these gangs began to focus their attacks against the sector after it became increasingly reliant on smart technologies, industrial control and automation systems, and the Internet of Things (IoT).

In its report, the FBI highlights that cybercriminals can gradually broaden the scope of an attack, from Information Technology (IT) systems and business processes to Operational Technology (OT) assets that monitor and control physical processes capable of affecting the production cycle, regardless of whether the malware was deployed in one environment or the other (IT/OT).

Without naming names, the FBI report comments on recent cases of ransomware attacks on several companies in the food and agriculture sector, including one involving JBS in May 2021. The temporary shutdown reduced the volume of slaughtering and caused a drop in meat supply in the United States, leading to an increase in prices of up to 25%. JBS is the second-largest meat and poultry processor in the United States and accounts for almost a quarter of all beef produced in the country, as well as a fifth of all pork.

Another case cited by the FBI is that of a US farm hit by a ransomware attack in January 2021, which resulted in losses of about $9 million because of the temporary shutdown of its farming operations. The attacker gained administrator-level access to the farm’s internal servers through compromised credentials. Other incidents mentioned include a US bakery that was forced to close its doors for a week in July 2021 and a US-based international food and agriculture company that was victimized by the OnePercent group in November 2020, which demanded a $40 million ransom.

Ransomware attacks rarely left the news in 2021, while the rise of ransomware-as-a-service has unleashed a new crime wave. These trends should increase the stress levels of business leaders, but how prepared are their companies? And how best to respond if they become victims of such crimes?

The damaging effects of ransomware attacks continue to grow. According to the FBI, the average ransom demanded doubled between 2019 and 2020, while the average price of cyber insurance increased by 65% over the same period. The 2020 report from the FBI’s own Internet Crime Complaint Center (IC3), meanwhile, recorded 2,474 complaints identified as ransomware, with adjusted losses of more than $29.1 million across all industries. Separate studies show that 50-80% of victims who have paid the ransom have experienced a new ransomware attack, either by the same attackers or by different groups. Although various techniques are employed in attacks, the most common means are email phishing campaigns, flaws in the RDP protocol, and vulnerabilities in software in general.


In short, ransomware has evolved into lucrative cybercrime business models. These criminal operations include several components: the developers of the malware code and operating software, affiliates who perform the attack execution and collect pre-attack intelligence, ransomware negotiators, and even technical support staff to help recover the victim’s data. 

Allowing these payments leads to a lazy narrative that ransomware is an existential threat to business, with no alternative but to pay up. The reality is much more complex. “Ransomware is generally very serious, but it’s not always an existential threat and rarely a threat to life,” says Ciaran Martin, professor of practice in Public Organisation Management at the Blavatnik School of Government and former executive chairman of the National Cyber Security Center, part of GCHQ. “Paying often means getting a moderately effective decryption key and you still have to run it on damaged systems that need fixing,” he adds. 

We should not simplify this issue in a way that suits the criminals. A recent survey by managed services provider Talion, which founded the #RansomAware initiative to prevent cyber shaming of victims, determined that 79% of cyber security professionals were in favor of making payments illegal. Talion’s lead threat analyst Mitchell Mellard admits there are many sides to the debate, but the fact remains that these criminals are encouraged and enabled to continue with such rewards with impunity.

“I don’t think the payment option should be shelved. But it should be regulated,” says Mellard. “Limit it to instances where the network or dataset is critical, such as a hospital or critical infrastructure.”

Prevention is always better than cure

There is a real sense of irony about ransomware prevention, not least because some of the attackers themselves will offer mitigation advice as part of the attack shutdown process. Yes, you read that right: some ransomware groups disclose their attack access routes and provide advice on how the victim can best protect their networks from future attacks. 

While it is never a good idea for organizations to take security tips from their attackers, sharing is something that should be on the ransomware mitigation agenda to break the threat cycle. 

The #RansomAware initiative wants to play a central role in this. The UK Cyber Security Association is part of this coalition of companies that exists to share experiences, exchange ideas, and gather intelligence, anonymously if necessary, on ransomware attacks. 

“Information sharing is the only way to stay ahead of cybercriminals. They collaborate to make attacks more successful, so stronger collaboration is key to making our defenses stronger too,” insists Lisa Ventura, CEO of the UK Cyber Security Association, in an interview with Forbes’ Davey Winder, in a special produced by Raconteur. Talking openly about attacks helps to better understand the techniques used, whereas pretending they are not happening and working to prevent news leaking to the media only benefits the criminals. 

“The more companies are willing to talk about becoming a victim of a ransomware attack,” Mellard concludes, “the faster and more comprehensive the information security industry can develop detection and countermeasure techniques for the tools employed by ransomware groups.”

A few simple preventative measures will also greatly reduce the risk of becoming a victim of a ransomware attack.

In the report, the FBI lists several actions that can be taken by the agri-food sector to reduce the chances of being caught by cybercrime threats:

  • Make regular backups and protect them with passwords.
  • Set up a recovery plan to maintain multiple copies of sensitive or proprietary data and servers in physically separate and secure locations.
  • Implement network segmentation.
  • Install updates and patches to operating systems, software, and firmware as soon as they are released.
  • Use multi-factor authentication with strong passwords.
  • Adopt the shortest acceptable period for password changes and avoid using the same passwords for different accounts.
  • Disable unused remote access/RDP ports and monitor access logs.

In other words:

1. Backups of backups

This goes for computers and any other mobile devices and gadgets you may have – create multiple backups of all your important data and make sure they are not all in one place. It’s also very important to regularly test and monitor your backups so that if you need them, you can be sure they will actually work.
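One way to automate the "test and monitor your backups" advice above, as an added example that is not from the article or the FBI report: it records SHA-256 hashes when a backup is taken, then checks every copy against them and flags a backup that is too old. The seven-day age limit, the two-copy minimum and all function names are assumptions chosen for illustration.

```python
import hashlib
import json
import time
from pathlib import Path

MAX_AGE_DAYS = 7      # assumed freshness policy, not from the article
MIN_GOOD_COPIES = 2   # assumed: two intact copies in separate locations


def sha256_file(path):
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(source, manifest_path):
    """Hash every file at backup time. Keep the manifest away from the
    copies (offline or read-only) so an intruder cannot rewrite both."""
    files = {p.relative_to(source).as_posix(): sha256_file(p)
             for p in sorted(source.rglob("*")) if p.is_file()}
    manifest_path.write_text(json.dumps({"created": time.time(), "files": files}))


def check_copy(copy_root, manifest):
    """Return the problems found in one backup copy (empty list = intact)."""
    problems = []
    for rel, expected in manifest["files"].items():
        target = copy_root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != expected:
            problems.append(f"modified: {rel}")
    return problems


def audit(copies, manifest_path, now=None):
    """Check every copy against the manifest and flag a stale backup."""
    manifest = json.loads(manifest_path.read_text())
    now = time.time() if now is None else now
    stale = (now - manifest["created"]) / 86400 > MAX_AGE_DAYS
    report = {str(c): check_copy(c, manifest) for c in copies}
    good = sum(1 for problems in report.values() if not problems)
    return {"ok": good >= MIN_GOOD_COPIES and not stale, "stale": stale,
            "good_copies": good, "copies": report}
```

Run `audit` on a schedule and alert when `ok` is false; a copy that suddenly reports many `modified` files is also an early sign that the backup location itself has been reached.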

2. Stop clicking

The best way to prevent these types of attacks is to educate. Usually, people who work in IT are not very affected by these types of attacks because they can spot suspicious emails and websites before clicking on links. Educating others in the company on how to do the same will help reduce their susceptibility to these types of attacks. Spam filters, anti-virus software, and firewalls help keep your network secure, but they do not prevent a user from circumventing your security. Using Group Policy management and website blacklists and whitelists to regulate what your colleagues can download, install or click on is also good practice.

3. Disable macros

When it comes to the spread of malware, not every trick in the bag is new. Infections still occur via macros, although the latest software programs disable them by default. Make sure you keep the default settings and only download macros from verifiable and trusted sources. Even then, be cautious.

4. Update frequently and quickly

To stay on top of the game, you should update your operating systems, applications, and other software frequently. Updates usually include security-relevant fixes and you don’t want to miss them. You can also avoid the hassle of actively searching for updates by setting up notifications to let you know when they’re available or by setting up automatic downloads.