FBI Warns Food and Agriculture Firms of Ransomware Threat
The FBI has issued a new alert warning companies in the food and agricultural sector that they are increasingly at risk of ransomware as their corporate attack surface expands.
The Private Industry Notification, seen by Infosecurity, noted that the vertical is a critical infrastructure sector which, if impacted by such threats, could negatively impact the food supply chain.
“Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants,” it continued. “Cyber-criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems and internet-based automation systems.”
Attacks may target larger organizations, deemed more likely to pay higher ransom demands, and smaller firms perceived as softer targets. For both, the increasing move to IoT may offer a new attack surface to target, the FBI warned.
“According to a private industry report, cyber actors may gradually broaden their attack from just IT and business processes to also include the operational technology (OT) assets, which monitor and control physical processes, impacting industrial production regardless of whether the malware was deployed in IT or OT systems,” it noted.
As with all ransomware victims, those in the food and agricultural sector would suffer lost productivity, theft of proprietary and personal information, and reputational and financial damage, the alert claimed.
The industry has already been a target for attacks, most notably the May 2021 raid on Brazilian meat processing giant JBS USA, which the FBI said drove wholesale prices up 25% after various plants across the country were forced to close.
Other incidents cited in the alert include a US bakery which was forced to close for a week in July, a “US-based international food and agriculture business” that was hit by the OnePercent group in November 2020, demanding a $40m ransom, and the attack on beverage giant Molson Coors in March this year.