Despite numerous security software and AI-driven techniques to tackle cybercrime, ransomware is still a persistent threat. The seasonal ransomware that malicious actors unleash to target agricultural cooperatives is a good example. These gangs have developed their attack model to steal proprietary information and create operational disturbances that have led to financial losses in the farming sector and even food shortages.
The looming danger of seasonal ransomware attacks
The Federal Bureau of Investigation (FBI) recently released a private notification document warning the agriculture sector (including farmers' cooperatives) of the threat these seasonal ransomware attacks pose. The warning states that such attacks can lead to general agricultural cooperative operational imbalance or proprietary information theft during critical harvesting seasons. The FBI drew upon the massive damage caused by seasonal ransomware attacks in September 2021. It is the second time the FBI is warning the agricultural sector to beware of such threats.
Ransomware attacks on agriculture cooperatives
In the past year, there have been two major ransomware attacks on agricultural cooperatives, one in the US and another in Ukraine. The attack in the US was perpetrated by a group known as Ragnar Locker, which targeted a large agricultural cooperative called GrainCorp. This Australian company provides services to farmers such as grain storage, marketing, and logistics. The Ragnar Locker gang was able to encrypt GrainCorp’s systems and demand a ransom of $5.3 million in Bitcoin. The company eventually paid the ransom to get their data back
The second attack took place in Ukraine and affected one of the country’s largest agricultural cooperatives, Ukrlandfarming. This group was targeted by a ransomware gang known as Babuk Locker. The attack led to the encrypted data of Ukrlandfarming being put up for auction on the dark web. The starting price for the auction was 1 BTC, which is equivalent to $56,000
These attacks have caused major disruptions in the agricultural sector and have led to financial losses. They have also highlighted the importance of having robust cybersecurity measures in place, particularly for industries that are critical to food security.
Other industries targeted by ransomware gangs
Over the past few years, the ransomware threat has increased significantly in the agricultural sector because of the massive adoption of IoT systems & innovative technologies to automate and ease operations. According to BlackFog's statistical reports 2022, apart from agricultural firms and cooperatives, ransomware gangs target different sectors like technology, manufacturing, healthcare, government, etc.
"Since 2021, multiple agricultural cooperatives have been impacted by many ransomware variants. Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production," says the security researcher of the agency. According to the FBI, such ransomware attacks in agricultural sectors occur because of various common intrusion vectors like exploiting typical or unpatched vulnerabilities. Other reasons include employing vulnerable shared network resources, unpatched IoT apps, and compromised managed services.
Prominent seasonal ransomware attacks
Some ransomware attacks lead to the disruption of administrative operations, while others impact production. Last year, a ransomware name BlackMatter hit Iowa's cooperative firm and demanded a US$ 5.9 million ransom. The ransomware forced the company to shut down infected devices and offline its processes to minimize the threat and prevent the spread. Because of that attack, the ransomware gang pocketed 1,000 GB of sensitive corporate data. The stolen data includes employee details, financial documents, and the source code of that farming technology system.
Two days after the Iowa incident, another prominent farmer's co-op named Crystal Valley Cooperative in Minnesota got hit by unidentified ransomware. This ransomware prevented the company from processing different essential payment cards by causing its phone system to experience significant downtime.
Noticing the pattern of seasonal ransomware threats, the FBI has listed down the names of some well-known ransomware that is infecting the food and agricultural sector. Some are:
BlackMatter
BlackByte
Sodinokibi
Conti
LockBit
HelloKittySunCrypt
Preventive measures against ransomware threats
There are different security postures food and agricultural cooperatives and firms can take to prevent seasonal ransomware attacks. The FBI recommends focusing on intelligent systems, networks, and apps as cybercriminals usually target to exploit numerous vulnerabilities in them. These preventive measures include:
Regular data backup:
Cooperatives and other enterprises should back up their corporate data regularly. Even if the ransomware encrypts all data, the cooperative firm can recover data from the backup.
Software patches:
Patching firmware or other support programs is essential when they become available to avoid any malware or virus attack.
Network segmentation:
Agricultural firms with IoT systems embedded in their technological ecosystem are vulnerable. Segmenting the network into smaller sections can make troubleshooting faster, bug fixing easy, and quickly detecting threats.
MFA and anti-malware:
Workers and employees should implement multi-factor authentication wherever possible. Also, the use of anti-malware makes the ecosystem more robust.
Final thoughts
In light of recent attacks, it is important for agricultural cooperatives and other food and agriculture-related businesses to be aware of the seasonal nature of ransomware attacks. Ransomware attacks can have a lasting impact on any business. Putting preventative measures in place is the best way to protect your businesses from these threats.
Consider a thorough penetration test to identify vulnerabilities and flaws in your systems and networks that can be targeted by malicious actors. Contact the Packetlabs team to learn more today!
Featured Posts
- Blog
London Drugs Gets Cracked By LockBit: Sensitive Employee Data Taken
In April 2024, London Drugs faced a ransomware crisis at the hands of LockBit hackers, resulting in theft of corporate files and employee records, and causing operational shutdowns across Canada.
- Blog
Q-Day And Harvest-Now-Decrypt-Later (HNDL) Attacks
Prime your knowledge about post-quantum encryption and risks it creates today via Harvest-Now-Decrypt-Later (HNDL) attacks.
- Blog
The Price vs. Cost of Dark Web Monitoring
Learn more about the price vs. cost of Dark Web Monitoring in 2024, as well as the launch of Packetlabs' Dark Web Investigators.