FBI notifies agricultural cooperatives of ransomware attacks, potentially timed to match critical seasons

The Federal Bureau of Investigation (FBI) issued a private industry notification alert to the food and agriculture sector that ransomware hackers ‘may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain.’

“The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer,” according to the alert issued this week. “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” it added. 

Although ransomware attacks against the entire farm-to-table spectrum of the food and agriculture sector occur regularly, the number of cyberattacks against agricultural cooperatives during key seasons is notable, the federal agency added.  

Since 2021, multiple agricultural cooperatives have been impacted by various ransomware variants, the FBI said. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, and secondary infections from the exploitation of shared network resources or compromised managed services.

Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations. In contrast, other targeted entities lost access to administrative functions such as websites and email but did not have production impacted, it added. 

The FBI also reported that a significant disruption of grain production could impact the entire food chain since grain is consumed by humans and used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and cascade down to the farm level as animals cannot be processed. 

Providing instances of ransomware attacks on the food and agriculture sector, the FBI revealed that a multi-state grain company last month suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services, which are critical during the spring planting season. 

Earlier in February, a company providing feed milling and other agricultural services reported two instances in which an unauthorized actor gained access to some of its systems and may have attempted to initiate a ransomware attack, the agency said. However, the attempts were detected and stopped before encryption occurred. 

The FBI also disclosed that between Sept. 15 and Oct. 6 last year, six grain cooperatives experienced ransomware attacks. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. As a result, some targeted entities had to halt production while others lost administrative functions completely, it added.

Last month, U.S. security agencies updated a previously issued joint cybersecurity advisory on malicious operations carried out by Conti hackers against domestic and international organizations. The amendment includes newly identified indicators of compromise (IOCs) made up of nearly 100 domain names and adds the United States Secret Service (USSS) as a co-author.

Last July, a business management software company found malicious activity on its network, later identified as HelloKitty/Five Hands ransomware, the FBI said. The threat actor demanded a US$30 million ransom. The ransomware attack on the company led to secondary ransomware infections on a number of its clients, which included several agricultural cooperatives, it added. 

Transnational cybersecurity agencies had in February rolled out a joint cybersecurity advisory (CSA) outlining the growing international threat posed by ransomware trends observed over the past year. The global security agencies said that ransomware groups have increased their impact by targeting cloud infrastructure and managed service providers (MSPs), attacking industrial processes and the software supply chain, and launching attacks on organizations on holidays and weekends.

Earlier this week, global security agencies issued a joint CSA warning to organizations that the Russian invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber hackers or Russian-aligned cybercrime groups.
