Ransomware Attacks May Affect Critical Ag Seasons

On April 20, 2022, the FBI’s Cyber Division released a Private Industry Notification (PIN) altering Food and Agriculture sectors that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons.

As discussed in our last vertical blog, the ag industry is increasingly becoming a target for cybercrime. According to the PIN, six ransomware attacks were reported during the fall 2021 harvest, and two attacks were reported in early 2022. The timing of these attacks could disrupt the supply of seeds and fertilizer, impacting the planting season and the entire farm-to-table spectrum.

Sophisticated, high-impact ransomware incidents against critical infrastructure organizations are increasing worldwide. Because cybercriminals will continue to exploit network, system, and application vulnerabilities in the ag industry, the FBI recommends implementing the following steps to help mitigate the threat.

• Regularly back up data, air gap, and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Identify critical functions and develop an operations plan if systems go offline. Think about ways to operate manually if it becomes necessary.
• Implement network segmentation.
• Install updates/patch operating systems, software, and firmware as soon as they are released.
• Use multi-factor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
• Disable unused remote access/RDP ports and monitor remote access/RDP logs.
• Require administrator credentials to install software.
• Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind.
• Install and regularly update anti-virus and anti-malware software on all hosts.
• Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
• Consider adding an email banner to messages coming from outside your organization.
• Disable hyperlinks in received emails.
• Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques and overall emerging cybersecurity risks and vulnerabilities (e.g., ransomware and phishing scams).

Ransomware attacks not only disrupt operations and cause financial loss, an attack on our food and ag industry has the potential to negatively impact the food supply chain. AssuredPartners agribusiness team is dedicated to educating our clients on this increasing risk. Contact a member of our team to learn more.