The accelerated adoption of digital and complex technologies in the global food supply chain has started gaining the attention of nefarious actors who seek to take control over systems and then demand a ransom.
A new threat in the food sector
A new alert issued by the FBI highlights that organizations in the food and agriculture sector have come under the active radar of ransomware gangs.
These ransomware attacks can potentially impact a wide range of businesses across the sector, including small farms, markets, restaurants, large-scale producers, and food processors.
FBI notes that these businesses can suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs.
In addition to financial loss, companies may also experience reputational damage due to the loss of proprietary information and PII.
A telltale example
The FBI also highlighted some examples of ransomware attacks impacting businesses in food and agriculture.
One such significant example is the recent ransomware attack on JBS Foods, the world’s largest meat supplier, that ultimately was forced to pay $11 million in ransom to restore the affected systems.
The attack was launched using a variant of Sodinokibi/REvil ransomware due to which the organization had to temporarily halt its operations, causing a shortage in the meat supply.
Vulnerable equipment adds yet another blow
With modern farming equipment being increasingly automated, it is highly likely that threat actors can exploit the vulnerabilities to gain control of equipment and pilfer global farm data.
At the DEF CON 29 conference, an Australian researcher who goes by the handle name of ‘Sick Codes’ detailed a list of potential threats that he referred to as a ‘tractor load of vulnerabilities’.
He used the Wi-Fi connected John Deere 7450 Self-Propelled Forage Harvesters as a prime example to explain the threat of DDoS attacks and data harvesting by attackers.
In light of the recent highly consequential attacks by ransomware operators, researchers indicate that unprotected organizations associated with the food supply chain may end up paying a high price. However, the risk can be reduced by timely detection of anomalies and intrusion, encrypting sensitive data, and frequent training of employees against phishing and other threats.