The FBI sent out a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to “disrupt operations, cause financial loss, and negatively impact the food supply chain.”
“Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants. Cybercriminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems,” the FBI said. “Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.”
The notice goes on to explain that the food and agriculture sector has faced an increasing number of attacks in recent months as ransomware groups target critical industries with large attack surfaces. Many of the biggest food companies now use an array of IoT devices and smart technology in their processes. The FBI noted that larger agricultural businesses are targeted because they can afford to pay higher ransoms and smaller entities are attacked because of their inability to afford high-quality cybersecurity.
The best defense against ransomware is to defend against ways that ransomware operators get an initial foothold on networks, usually via Remote Desktop access or malware sent through email. Use email filtering and train users to spot and report phishing emails, don’t expose RDP to the Internet where it could possibly be brute forced, and implement Multi-Factor Authentication (MFA) on VPNs. Have effective endpoint detection products such EDR and a Security Operations Center (SOC) to monitor alerts, either an internally-staffed SOC, or use a service such as Binary Defense to detect threats 24/7. Always keep multiple backups, and have a rigorous incident response plan for ransomware incidents so if all else fails, you can get back up and running quickly after an incident. These days, ransomware operators often exfiltrate data to be used in an extortion attempt if victims don’t pay the ransom, so it’s best to prevent these incidents from happening rather than relying on being well prepared to restore from backups.