The FBI says ransomware gangs are actively focusing on and disrupting the operations of organizations within the meals and agriculture sector, inflicting monetary loss and immediately affecting the meals provide chain.
The bureau’s Cyber Division issued this warning on Wednesday within the type of a TLP:WHITE Private Industry Notification (PIN).
These ransomware assaults can doubtlessly influence a variety of companies throughout the sector, from small farms, markets, and eating places to large-scale producers, processors, and producers.
Ransomware gangs began focusing their assaults towards this trade sector after meals and agriculture orgs have develop into more and more depending on sensible tech, industrial management techniques (ICS), and internet-based automation techniques.
“Meals and agriculture companies victimized by ransomware undergo important monetary loss ensuing from ransom funds, lack of productiveness, and remediation prices,” the FBI said.
“Corporations can also expertise the lack of proprietary info and personally identifiable info (PII) and should undergo reputational harm ensuing from a ransomware assault.”
Paying the ransom will not cease future assaults
In line with the company, the typical ransom demand has doubled between 2019 and 2020, with the highest ransom demand reaching $50 million this 12 months following a REvil ransomware assault that hit laptop big Acer.
The FBI Web Crime Criticism Middle (IC3) additionally acquired over 2,400 ransomware assault complaints amounting to adjusted losses of over $29.1 million throughout final 12 months based on the IC3’s 2020 Web Crime Report, after a massive 100% increase in received cybercrime complaints and adjusted losses of greater than $29.1 million throughout all trade sectors.
“Separate research have proven 50-80 p.c of victims that paid the ransom skilled a repeat ransomware assault by both the identical or totally different actors,” the FBI added.
The federal legislation enforcement company additionally highlighted some examples of ransomware assaults impacting companies within the meals and agriculture trade, together with :
- In July 2021, a US bakery firm misplaced entry to their server, information, and purposes, halting their manufacturing, delivery, and receiving on account of Sodinokibi/REvil ransomware which was deployed via software program utilized by an IT assist managed service supplier (MSP). The bakery firm was shut down for about one week, delaying buyer orders and damaging the corporate’s status.
- In Might 2021, cyber actors utilizing a variant of the Sodinokibi/REvil ransomware compromised laptop networks within the US and abroad places of a worldwide meat processing firm, which resulted within the potential exfiltration of firm knowledge and the shutdown of some US-based vegetation for a number of days. The short-term shutdown lowered the variety of cattle and hogs slaughtered, inflicting a scarcity within the US meat provide and driving wholesale meat costs up as a lot as 25 p.c, based on open supply reviews.
- In March 2021, a US beverage firm suffered a ransomware assault that precipitated important disruption to its enterprise operations, together with its operations, manufacturing, and delivery. The corporate took its techniques offline to forestall the additional unfold of malware, immediately impacting staff who had been unable to entry particular techniques, based on open supply reviews.
- In January 2021, a ransomware assault towards an recognized US farm resulted in losses of roughly $9 million as a result of short-term shutdown of their farming operations. The unidentified menace actor was in a position to goal their inside servers by gaining administrator stage entry via compromised credentials.
- In November 2020, a US-based worldwide meals and agriculture enterprise reported it was unable to entry a number of laptop techniques tied to their community on account of a ransomware assault carried out by OnePercent Group menace actors utilizing a phishing electronic mail with a malicious zip file attachment. The cybercriminals downloaded a number of terabytes of information via their recognized cloud service supplier previous to the encryption of tons of of folders. The corporate’s administrative techniques had been impacted. The corporate didn’t pay the $40 million ransom and was in a position to efficiently restore their techniques from backups.
Elevated danger of ransomware assaults on holidays, weekends
The FBI and CISA additionally urged organizations this week to not let down their defenses throughout weekends or holidays, provided that ransomware gangs are more and more extra prone to hit their networks when everyone seems to be out of workplace.
The 2 federal companies warned that they “noticed a rise in extremely impactful ransomware assaults occurring on holidays and weekends—when places of work are usually closed—in america, as just lately because the Fourth of July vacation in 2021.”
The latest assaults on the networks of Colonial Pipeline, JBS, and Kaseya got as examples seeing that they had been all hit throughout weekends.
JBS, the world’s largest beef producer, paid an $11 million ransom to the REvil ransomware gang after a Memorial Day weekend attack. After a Mom’s Day weekend assault, Colonial Pipeline paid a $4.4 million ransom to the DarkSide group.
A big-scale REvil ransomware assault additionally hit dozens of Kaseya clients and up to 1,500 other downstream businesses over the Fourth of July weekend.
These warnings come after Deputy Nationwide Safety Advisor Anne Neuberger urged US companies to take ransomware seriously following the Colonial Pipeline and JBS ransomware assaults.
Interpol also asked industry partners and police agencies final month to work collectively to forestall what seems like a ransomware pandemic that is rapidly closing in.
Because the FBI and CISA suggested on this week’s joint advisory, organizations can take a number of actions to guard their techniques and block ransomware assaults, together with: