The Federal Bureau of Investigation (FBI) warns agricultural cooperatives to be on high alert and take all possible precautions to safeguard their operations against cyberattackers.
The FBI did not provide exact details as to why it sent the notification April 20, but the agency says historically, "ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss and negatively impacting the food supply chain."
Cyberattacks Target Cooperatives
There were multiple attacks against agricultural cooperatives during the 2021 harvest season, including Crystal Valley, a Minnesota-based grain cooperative. Roger Kienholz, CEO of Crystal Valley, says the company was attacked during harvest season, and the hackers demanded ransom, which the co-op didn't pay. Kienholz reported the incident to the FBI. While he's not aware of any data being obtained from the attack, Kienholz says its possible that an unauthorized person could have viewed confidential data, prompting a formal data-breach notification to all of the co-op's customers and companies on record.
In the aftermath of the attack, Kienholz says Crystal Valley was unable to fulfill feed orders for livestock, but local cooperatives in the areas they serve helped out. While systems were brought back up, the cooperative had to do everything by hand.
The cyberattacks have continued on other co-ops and other critical infrastructure sectors in 2022. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have seen ransomware incidents against 14 of 16 critical infrastructure sectors in the U.S. In February, hackers gained access to a company that provides feed milling and other agriculture services, and attempted a ransomeware attack. In March, a multi-state grain company that provides seed, fertilizer and logistical services fell victim to a ransomeware attack. The FBI did not name either company.
Steps to Help Prevent Cyberattacks
In alerting the industry to the high-priority threat, the FBI outlined the following steps to help protect businesses from cyberattacks:
- Regularly back up data, air gap, and password protect backup copies offline.
- Ensure copies of critical data are not accessible for modification or deletion.
- Implement a recovery plan that includes maintaining/retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location.
- Identify critical functions and develop an operations plan in the event that systems go offline.
- Think about ways to operate manually if that should be necessary.
- Implement network segmentation.
- Install updates/patch operating systems, software and firmware as soon as released.
- Use multi-factor authentication when possible.
- Use strong passwords.
- Regularly change passwords, implement the shortest acceptable timeframe for changes.
- Avoid reusing passwords for multiple accounts.
- Use strong passphrases where possible.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require admin credentials to install software.
- Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks.
- Consider installing and using a virtual private network (VPN).
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training regularly.
More information is available www.cisa.gov. Victims of cyberattacks can file a complaint with the FBI and begin the recovery process through the bureau's Internet Crime Complaint Center IC3 at www.ic3.gov.