The Food and Agriculture - Information Sharing and Analysis Center (Food and Ag-ISAC) released the findings of its first annual report of ransomware incidents in the Food and Agriculture sector. The ISAC's report, "Farm-To-Table Ransomware Realities: Exploring the 2023 Ransomware Landscape and Insights for 2024," shows that while there are fewer ransomware incidents in the industry than other sectors, ransomware actors have shown a level of sophistication and understanding of sector victims.
The Food and Ag-ISAC found 167 ransomware attacks against the sector out of 2,905 total ransomware incidents studied in 2023 — 5.5% of all attacks. This made organizations in the sector the 7th most targeted industry vertical last year. In comparison, critical manufacturing (15.5%) and financial services (12.4%) saw the greatest number of attacks last year, per data jointly collected by the Food and Ag-ISAC and the IT-ISAC.
Ransomware attacks represent one of the most prolific categories of cyber threats. Hackers use malicious code to encrypt critical data so an organization cannot access files, databases, or applications, rendering systems unusable unless the victim pays up. They often leverage their access to victim networks to steal or leak intellectual property, as well as other valuable information.
"Ransomware remains a serious threat to all business sectors, including the food and ag industry," said Jonathan Braley, Director of the Food and Ag-ISAC. "Despite successful disruptions of global threat actor groups and their operations by law enforcement, cyber attackers often operate in countries that turn a blind eye to their efforts. As long as ransomware remains low-risk, high-reward for attackers, ransomware attacks will continue."
The Food and Ag-ISAC also researched the major threat actors targeting the sector. Analysis shows that these attackers are largely financially motivated rather than specifically targeting the sector to do intentional damage to the nation's critical infrastructure.
In 2023, cybercriminals took in a record $1 billion in ransom payments, motivating them to continue their campaigns. The Food and Ag-ISAC found top ransomware actors victimizing food and agriculture companies specifically including:
LockBit - [40 Attacks] - [24%]
● ALPHV/BlackCat - [15 Attacks] - [9%]
● Play - [14 Attacks] - [8%]
● 8Base - [10 Attacks] - [6%]
● Akira - [10 Attacks] - [6%]
The Food and Ag-ISAC's report also contains a snapshot of ransomware incidents in Q1 2024. Researchers cataloged 572 ransomware incidents in Q1, 40 of which were against the food and ag sector. This represents 7% of all incidents and a 4.8% percent decrease from Q1 2023.
The ISAC maintains nearly 200 adversary attack playbooks cataloging lessons learned from these threat actors; information that security teams can use to proactively harden their networks. The ISAC is also partnering with industry trade associations and leading universities to share threat intelligence and drive improved security practices broadly across the industry.
For example, the Food and Ag-ISAC has developed a cybersecurity guide for small and medium-sized businesses that offers ten low- to no-cost ways companies can improve their cybersecurity.
"This report shows how active, voluntary collaboration can improve our understanding of the threat environment. The ransomware attacks represented in this report demonstrate a clear challenge to companies," said Paul Hershberger of Cargill, Board Chair of the Food and Ag-ISAC. "By working together, we not only better understand threats, but we better identify ways to defend against them."
Data for "Farm-To-Table Ransomware Realities: Exploring the 2023 Ransomware Landscape and Insights for 2024" was collected by the Food and Ag-ISAC team from open-source sites, the dark web, ISAC member input, and information shared between members of the National Council of ISACs.
Source: foodandag-isac.org