Food and Agriculture (FA) sector partners hit with a string of destroyed food processing facilities are now being warned over concerns of ransomware attacks by the Federal Bureau of Investigation (FBI)..The Western Standard on Friday released an exclusive story examining how food shortages have been exacerbated by a string of fires, plane crashes, and explosions at nearly two dozen food processing facilities across Canada and the US..The FBI said reports of cyberattacks in the FA sector are concerning and could be on the rise, especially during critical seasons..“Ransomware actors may be more likely to attack agriculture cooperatives during critical planting and harvest seasons,” said the FBI in a release..The FBI noted six cyberattacks on grain cooperatives during the fall harvest of 2021 and two attacks have been reported so far for 2022 “that could impact the planting season by disrupting the supply of seeds and fertilizer.”.In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack.In addition to grain processing, the company provides seed, fertilizer, and logisticservices, which are critical during the spring planting season.In February 2022, a company providing feed milling and other agricultural servicesreported two instances in which an unauthorized actor gained access to some of itssystems and may have attempted to initiate a ransomware attack. The attempts weredetected and stopped before encryption occurred.Between 15 September and 6 October 2021, six grain cooperatives experiencedransomware attacks. A variety of ransomware variants were used, including Conti,BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had tocompletely halt production while others lost administrative functions.In July 2021, a business management software company found malicious activity on itsnetwork, which was later identified as HelloKitty/Five Hands ransomware. The threatactor demanded USD$30 million ransom. The ransomware attack on the company ledto secondary ransomware infections on a number of its clients, which included severalagricultural cooperatives..“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” said the FBI..“Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyberattacks against agricultural cooperatives during key seasons is notable.”.FBI warned ransomware tactics and techniques are evolving and “sophisticated, high-impact ransomware incidents” are increasing globally..“Since 2021, multiple agricultural cooperatives have been impacted by a variety of ransomware variants,” said the FBI..“Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and email but did not have production impacted.”.The risk of disruptions within different food producers can lead to varying consequences and impact the entire food chain, in some circumstances..As an example, the FBI said a disruption of grain production could not only affect human consumption, but could also affect the supply of animal feed. An attack on producers of protein or dairy products can result in spoiled products and “cascading effects down to the farm level.”.FBI said as cyberthreats increase, businesses need to implement steps to protect against such attacks..FBI suggested security steps:.Regularly back up data, air gap, and password-protect backup copies offline. Ensurecopies of critical data are not accessible for modification or deletion from the systemwhere the data resides.Implement a recovery plan that includes maintaining and retaining multiple copies ofsensitive or proprietary data and servers in a physically separate, segmented, securelocation (i.e., hard drive, storage device, the cloud).Identify critical functions and develop an operations plan in the event that systems gooffline. Think about ways to operate manually if it becomes necessary.Implement network segmentation.Install updates/patch operating systems, software, and firmware as soon as they arereleased.Use multi-factor authentication where possible.Use strong passwords and regularly change passwords to network systems andaccounts, implementing the shortest acceptable time frame for password changes. Avoidreusing passwords for multiple accounts and use strong pass phrases where possible.Disable unused remote access/RDP ports and monitor remote access/RDP logs.Require administrator credentials to install software.Audit user accounts with administrative or elevated privileges, and configure accesscontrols with least privilege in mind.Install and regularly update anti-virus and anti-malware software on all hosts.Only use secure networks and avoid using public Wi-Fi networks. Consider installing andusing a virtual private network (VPN).Consider adding an email banner to messages coming from outside your organizations.Disable hyperlinks in received emails.Focus on cybersecurity awareness and training. Regularly provide users with training oninformation security principles and techniques as well as overall emerging cybersecurityrisks and vulnerabilities (i.e., ransomware and phishing scams)..“The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office.”.Melanie Risdon is a reporter with the Western Standard.,.mrisdon@westernstandard.news
Food and Agriculture (FA) sector partners hit with a string of destroyed food processing facilities are now being warned over concerns of ransomware attacks by the Federal Bureau of Investigation (FBI)..The Western Standard on Friday released an exclusive story examining how food shortages have been exacerbated by a string of fires, plane crashes, and explosions at nearly two dozen food processing facilities across Canada and the US..The FBI said reports of cyberattacks in the FA sector are concerning and could be on the rise, especially during critical seasons..“Ransomware actors may be more likely to attack agriculture cooperatives during critical planting and harvest seasons,” said the FBI in a release..The FBI noted six cyberattacks on grain cooperatives during the fall harvest of 2021 and two attacks have been reported so far for 2022 “that could impact the planting season by disrupting the supply of seeds and fertilizer.”.In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack.In addition to grain processing, the company provides seed, fertilizer, and logisticservices, which are critical during the spring planting season.In February 2022, a company providing feed milling and other agricultural servicesreported two instances in which an unauthorized actor gained access to some of itssystems and may have attempted to initiate a ransomware attack. The attempts weredetected and stopped before encryption occurred.Between 15 September and 6 October 2021, six grain cooperatives experiencedransomware attacks. A variety of ransomware variants were used, including Conti,BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had tocompletely halt production while others lost administrative functions.In July 2021, a business management software company found malicious activity on itsnetwork, which was later identified as HelloKitty/Five Hands ransomware. The threatactor demanded USD$30 million ransom. The ransomware attack on the company ledto secondary ransomware infections on a number of its clients, which included severalagricultural cooperatives..“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” said the FBI..“Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyberattacks against agricultural cooperatives during key seasons is notable.”.FBI warned ransomware tactics and techniques are evolving and “sophisticated, high-impact ransomware incidents” are increasing globally..“Since 2021, multiple agricultural cooperatives have been impacted by a variety of ransomware variants,” said the FBI..“Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and email but did not have production impacted.”.The risk of disruptions within different food producers can lead to varying consequences and impact the entire food chain, in some circumstances..As an example, the FBI said a disruption of grain production could not only affect human consumption, but could also affect the supply of animal feed. An attack on producers of protein or dairy products can result in spoiled products and “cascading effects down to the farm level.”.FBI said as cyberthreats increase, businesses need to implement steps to protect against such attacks..FBI suggested security steps:.Regularly back up data, air gap, and password-protect backup copies offline. Ensurecopies of critical data are not accessible for modification or deletion from the systemwhere the data resides.Implement a recovery plan that includes maintaining and retaining multiple copies ofsensitive or proprietary data and servers in a physically separate, segmented, securelocation (i.e., hard drive, storage device, the cloud).Identify critical functions and develop an operations plan in the event that systems gooffline. Think about ways to operate manually if it becomes necessary.Implement network segmentation.Install updates/patch operating systems, software, and firmware as soon as they arereleased.Use multi-factor authentication where possible.Use strong passwords and regularly change passwords to network systems andaccounts, implementing the shortest acceptable time frame for password changes. Avoidreusing passwords for multiple accounts and use strong pass phrases where possible.Disable unused remote access/RDP ports and monitor remote access/RDP logs.Require administrator credentials to install software.Audit user accounts with administrative or elevated privileges, and configure accesscontrols with least privilege in mind.Install and regularly update anti-virus and anti-malware software on all hosts.Only use secure networks and avoid using public Wi-Fi networks. Consider installing andusing a virtual private network (VPN).Consider adding an email banner to messages coming from outside your organizations.Disable hyperlinks in received emails.Focus on cybersecurity awareness and training. Regularly provide users with training oninformation security principles and techniques as well as overall emerging cybersecurityrisks and vulnerabilities (i.e., ransomware and phishing scams)..“The FBI encourages recipients of this document to report information concerning suspicious or criminal activity to their local FBI field office.”.Melanie Risdon is a reporter with the Western Standard.,.mrisdon@westernstandard.news
