FBI warns US farmers of a higher risk of ransomware attacks

The FBI has sent a new Private Industry Notification this week, warning the farmers that the US food supply chains are at a higher risk of potentially devastating ransomware attacks during the planting and harvesting seasons.

According to the notice, attacks on the food supply chain could result in financial loss and operational disruption. Compromises at dairy or meat processing plants can cause delays and spoilage of products. Agricultural cooperatives are appealing targets for cyber actors because of their willingness to pay due to the time-sensitivity of agricultural production, the FBI said.

The FBI noted previous ransomware attacks against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that disrupted seed and fertilizer supplies, affecting the planting season.

The notice also listed several unnamed agricultural firms infected with ransomware in the previous year. They included a supply chain attack on a software company in July 2021, which impacted downstream agricultural clients.

Following the ransomware attacks, some of the targeted entities’ production was hampered, resulting in slower processing due to manual operations. Other targeted entities lost administrative functions like websites and email, but production was unaffected.

The FBI stated that the initial intrusion vectors included known but unpatched common vulnerabilities and exploits and secondary infections resulting from the exploitation of shared network resources or the compromise of managed services.

The Five Eyes intelligence group released a detailed alert this week outlining mitigation steps and threat techniques used by both Russian state and cybercrime groups. Regular patching, multi-factor authentication, disabling RDP ports, and improving employee cybersecurity awareness are among the best practices recommended by the FBI in its notice.