The US Federal Bureau of Investigation (FBI) warned Food and Agriculture (FA) sector organizations on Wednesday of an increased risk of ransomware attacks during the harvest and planting seasons.
Although ransomware groups regularly target the US agriculture sector, the FBI noted that the quantity of attacks against these entities during critical seasons is concerning.
The FBI revealed this information during a joint flash alert released in coordination with the United States Department of Agriculture (USDA) and the Cybersecurity and Infrastructure Security Agency (DHS/CISA).
“Ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer,” the FBI said.
“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” the agency added.
In its statement on Wednesday, the FBI also highlighted several ransomware attacks against US agricultural cooperatives that led to financial losses and impacted production.
Ransomware Attacks on Critical US Infrastructure
In a February joint advisory, the FBI, CISA, and the NSA also warned of an increase in ransomware attacks impacting 14 of the 16 US critical infrastructure sectors, including Food and Agriculture.
Since the start of 2022, the FBI issued flash alerts highlighting how several ransomware gangs (including BlackByte, Ragnar Locker, and Avoslocker) have breached dozens of critical US infrastructure.
Attackers use a variety of methods to gain access to victims’ networks, including phishing, stealing Remote Desktop Protocols (RDP) credentials, and exploiting unpatched vulnerabilities.
Ransomware groups also utilize cybercriminal services-for-hire to negotiate ransom payments, help victims make payments, and mediate payment disputes with other cybercriminals.
“If the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent,” the advisory said. “Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”