In a private email alert to companies in the food and agriculture sectors, the FBI warned about the potential impact of ransomware attacks and advised on prevention measures.
The FBI warns that ransomware gangs target various industries, from food processing to retail. Cybercriminals can exploit network vulnerabilities to steal data and encrypt systems in industries that rely on these components for their operations, which may result in big financial losses:
“Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.”
The agriculture and food sectors have increasingly been the targets of such attacks carried out by various gangs.
Many of the biggest food companies in the world now use various technologies such as the Internet of Things (IoT) devices to improve their operations. This provides additional attack vectors for cybercriminals, as these devices are often less secure.
The FBI suspects that attackers are targeting large agricultural businesses due to their ability to pay higher ransoms. Whereas, many smaller and mid-sized firms are also targeted, due to the high cost of cybersecurity solutions which they can’t afford.
The average ransom demand doubled from 2019 to 2020, and the amount of cyber insurance payouts also increased. In 2020, the highest amount of ransom demand was $23 million. In 2020, the IC3 received over 2,400 complaints related to ransomware. The agency said the victims lost over $29.1 million.
“Separate studies have shown 50-80 percent of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors. Although cyber criminals use a variety of techniques to infect victims with ransomware, the most common means of infection are email phishing campaigns, Remote Desktop Protocol vulnerabilities, and software vulnerabilities.”
The alert includes details on various attacks on food and agriculture companies since November of last year. Some of these include Sodinokibi/REvil ransomware attack on a large US bakery company and a global meat processor JBS.
The FBI also shared various security measures the businesses can take to protect their networks and operations.
The warning came just a week after the CIA warned companies that they should be on the lookout for suspicious activities during the upcoming Labor Day weekend.