FBI Issues Ransomware Alert for Food and Agriculture Industry
(September 13, 2021) The Federal Bureau of Investigation (FBI) cyber division has issued a Private Industry Notification warning of ransomware attacks targeting food and agriculture businesses.
The FBI notification said the food sector “is among the critical infrastructure sectors increasingly targeted by cyber attacks,” noting that, as the sector moves more toward smart technologies and the internet of things, “the attack surface increases.”
The FBI said recent ransomware attacks impacting food and agriculture businesses included:
- A U.S. baker lost access to its server, files, and applications, halting the production, shipping, and receiving of its products. The bakery was shut down for about one week.
- A global meat processing company had its computer networks accessed, causing possible exfiltration of company data and the shutdown of some U.S.-based plants for several days. The temporary shutdown reduced the number of cattle and hogs slaughtered, causing a shortage in the U.S. meat supply and driving wholesale meat prices up as much as 25 percent.
- A U.S. beverage company was attacked, causing disruption of its business operations, including production and shipping.
- An attack against a U.S. farm resulted in losses of about $9 million due to the temporary shutdown of its farming operations.
A ransomware attack encrypts files, making them unavailable unless payment is made for a decryption tool and key. Attacks usually are initiated via email phishing campaigns, remote desktop vulnerabilities, or software vulnerabilities.
In its notification, the FBI recommended that companies take the following mitigation steps:
- Regularly back up data, air gap, and password protect backup copies offline.
- Implement network segmentation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and services in a physically separate, segmented, and secure location.
- Install updates/patches to operating systems, software, and firmware as soon as they are released.
- Use strong passwords and regularly change passwords.
- Use multifactor authentication.
- Disable unused report access ports and monitor remote access logs.
- Install and regularly update anti-virus and anti-malware software.