US farm loses $9 million in the aftermath of a ransomware attack
A US farm lost a whopping $9 million due to a temporary shutdown of its farming operations following a ransomware attack earlier this year, the FBI said this week.
The incident, which took place in January 2021 after hackers gained access to the farm's internal network through compromised admin credentials, is part of a series of examples the FBI included in a private security alert the agency sent on Wednesday to organizations in the US food and agriculture sector.
The alert provided companies with examples of the worst it could happen if they ignore setting up proper security defenses, thinking that threat actors wouldn't be interested in attacking an agricultural target.
While the vast media coverage around ransomware attacks has centered on incidents in local governments, healthcare, or the educational sector, the FBI said ransomware groups have also hit companies across all industry verticals, including US agriculture.
Past incidents include a November 2020 attack on a US-based international food and agriculture business that narrowly avoided having to pay a gigantic $40 million ransom demand after it successfully restored from backups.
In another incident in March 2021, a ransomware gang crippled the operations, production, and product shipping at a US beverage company.
Similarly, in July 2021, as part of the Kaseya incident, a US bakery lost access to its server, files, and applications, which caused the company to halt production and shipping.
But the most famous ransomware attack against a food production and agriculture company took place this year, in May, when the REvil gang hit JBS Foods, disrupting meat processing across Australia and North America for almost a week.
"The temporary shutdown reduced the number of cattle and hogs slaughtered, causing a shortage in the US meat supply and driving wholesale meat prices up as much as 25 percent," the FBI said on Wednesday.
The agency is now urging organizations in the US food production and agricultural sector to take the ransomware threat seriously and invest in securing their IT networks against the most common methods employed by these threat actors, such as:
- targeting weakly secured RDP endpoints;
- malicious files attached to phishing emails;
- the exploitation of vulnerabilities in unpatched internet-facing devices.
The FBI's efforts come after the Department of Homeland Security and the Department of Justice both launched separate "ransomware task force" to deal with the threat coming from ransomware gangs targeting entities in US critical sectors, where Food and Agriculture is also listed as a critical sector.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.