[BreachExchange] FBI says ransomware attacks on food and agriculture industry are increasing

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Oct 13 14:34:46 EDT 2021


https://investigatemidwest.org/2021/10/13/fbi-says-ransomware-attacks-on-food-and-agriculture-industry-are-increasing/

Cyber attacks are increasingly targeting the food and agriculture industry,
and the FBI wants businesses to take steps to protect themselves.

A private industry notification issued by the FBI’s cyber division Sept. 1
lists five major attacks that have occurred in the food sector since
November 2020. Two attacks on grain co-ops — Iowa’s NEW Cooperative and
Minnesota’s Crystal Valley — came less than a month after the FBI’s warning.

Another attack on Sandhills Global, which operates online platforms for
auctioning farm equipment, shut down the company’s operations on Oct. 4.

(The three companies identified in news coverage did not return requests
for comment from Investigate Midwest.)


The average ransom demand doubled from 2019 to 2020, and the FBI received
nearly 2,500 ransomware complaints across all sectors last year.

Ransomware is a form of malware that encrypts all of the files on a device,
effectively shutting down computer systems. The attackers usually display a
ransom demand on the computer screen with instructions on how to pay, and
sometimes, a threat to release private information if the victim does not
comply.

A high-profile ransomware attack on international meatpacking giant JBS in
May forced the company to shut down operations for multiple days.
Russia-based ransomware group REvil was responsible for the attack.

JBS paid an $11 million ransom to REvil in order to prevent further
disruptions, according to a June 9 statement from Andre Nogueira, CEO of
the company’s U.S. operations.

The next day, Rep. Carolyn Maloney, chairwoman of the House Committee on
Oversight and Reform, sent a letter to Nogueira requesting information and
documents related to the attack and ransom payment.

“Any ransom payment to cybercriminal actors like REvil sets a dangerous
precedent that increases future risk of ransomware attacks,” Maloney wrote.
“Congress needs detailed information about the attack to legislate
effectively on ransomware and cybersecurity in the United States.”

According to the FBI, 50 to 80 percent of victims that pay ransom
experience a repeat ransomware attack.

The food and agriculture industries are designated as a “critical
infrastructure sector” by the Cybersecurity & Infrastructure Security
Agency, and therefore receive higher scrutiny and more assistance from the
agency.

REvil suddenly disappeared in July, but controversy erupted recently over
the FBI’s withholding of a decryption key that would have helped victims
recover their files.

BlackMatter, another ransomware group considered by some experts to be a
successor to REvil, carried out the late September attack on NEW
Cooperative. NEW Cooperative refused to pay the $5.9 million ransom demand,
instead opting to take their systems offline, according to reporting by The
Washington Post.

The FBI warned that all businesses, regardless of size, are potential
targets.

“Larger businesses are targeted based on their perceived ability to pay
higher ransom demands, while smaller entities may be seen as soft targets,
particularly those in the earlier stages of digitizing their processes,”
the FBI notice states.

Stacey Wright, vice president of resiliency services at the Cybercrime
Support Network, a nonprofit group that provides cybersecurity resources to
individuals and small businesses, said ransomware attacks have been
increasing in recent years and that the industries targeted have shifted
over time.

Schools, local governments and hospitals have been among the most targeted
organizations in recent years, and now that ransomware groups have seen
potential profit from food and agriculture businesses, that sector has
become a focus of attacks, Wright said.

“Ransomware is all about making money,” Wright said. “So any industry where
they think there is a financial gain from targeting them is fair game.”

Wright added that attackers also tend to target systems that need to be
online 24/7 because the targeted business will face more pressure to pay
the ransom and get the system back immediately. With harvest season in full
swing, farmers can’t afford interruptions, and ransomware groups may see
that as a vulnerability.

In addition to the JBS attack, the FBI notice also mentions ransomware
incidents involving a bakery, a beverage company and a farm.

President Joe Biden issued a “National Security Memorandum on Improving
Cybersecurity for Critical Infrastructure Control Systems” in late July
encouraging government agencies and businesses in critical industries to
direct more attention to cybersecurity.

The memorandum is meant to “defend the United States’ critical
infrastructure by encouraging and facilitating deployment of technologies
and systems that provide threat visibility, indications, detection, and
warnings, and that facilitate response capabilities for cybersecurity in
essential control system and operational technology networks.”