Agricultural equipment maker AGCO reports ransomware attack
A Massey Ferguson tractor. Image: AGCO
Joe Warminsky May 6, 2022

Agricultural equipment maker AGCO reports ransomware attack

Agricultural equipment maker AGCO reports ransomware attack

Some production facilities of agricultural equipment manufacturer AGCO were affected by a ransomware attack this week, the company reported Friday.

“AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the Company is able to repair its systems,” the company said in a notice to shareholders.

The Duluth, Georgia-based company, which had more than $11 billion in sales last year, did not specify the nature of the ransomware or the attackers. It also did not say which of its global facilities were affected. AGCO has plants in the U.S., Europe and elsewhere.

The company’s tractor and harvester brands include Challenger, Fendt, Massey Ferguson and Valtra.

The announcement comes as the FBI has been warning the U.S. agricultural sector about potential attacks during planting or harvesting seasons. During harvest season in 2021, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency issued an alert about BlackMatter ransomware targeting agricultural companies.

AGCO said it “will provide updates as the situation progresses.” When contacted by The Record, the company declined to answer more questions about the attack and whether law enforcement was investigating.

On Thursday the company had announced plans to donate $50,000 to an initiative called “BORSCH” that is designed to “contribute to Ukraine’s food and nutrition security during this crisis and improve the livelihoods of Ukrainian farming communities affected by the war.”

In the 2021 alert, the FBI and CISA noted that BlackMatter operates as a ransomware-as-a-service provider and might possibly be a rebrand of DarkSide, a ransomware group that allegedly closed shop in May after attacking Colonial Pipeline. Colonial Pipeline was attacked with ransomware almost exactly one year ago on May 7.

Jonathan Greig contributed to this report.

Joe Warminsky is the news editor for The Record. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.