Ransomware Surge Targets U.S. Food and Agriculture Sector in 2023
The U.S. food and agriculture sector faced 167 ransomware attacks in 2023, ranking it the seventh most targeted industry nationwide, according to the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC). The newly formed group, established in 2022 after a wave of cyberattacks disrupted food pricing, released its first annual report detailing the growing threat.
In the first quarter of 2024, the sector recorded 40 attacks, a slight decline from the same period last year. However, law enforcement disruptions including takedowns of LockBit and BlackCat have contributed to a noticeable drop in attacks in February and March. Without these interventions, 2024 could have surpassed 2023’s totals, according to Jonathan Braley, director of Food and Ag-ISAC. Ransomware affiliates are now shifting to new strains, such as Play, which has already claimed five agriculture sector attacks in 2024.
LockBit was the most active group in 2023, responsible for 40 attacks, while BlackCat targeted 15 agriculture victims. Other notable threats included Play, 8Base, and Akira. The FBI also warned last fall about Snatch ransomware targeting the industry.
The USDA confirmed it was affected by a ransomware attack in 2023, linked to the exploitation of a popular file transfer tool, exposing sensitive industry data. High-profile victims included Dole, Sysco, and Mondelez, with Dole’s February 2023 attack disrupting grocery store shipments of salad kits.
Beyond immediate disruptions, ransomware attacks can trigger supply chain cascades, delaying planting, harvesting, and distribution. The report highlights risks to intellectual property, including years of genetic crop research vulnerable to theft.
Congress has introduced bipartisan legislation to strengthen cybersecurity in the sector, including a 2024 bill to fund digital defenses and a 2023 proposal to create a cybersecurity hub within the National Telecommunications and Information Administration, offering guidance and a hotline for agricultural producers. The IT-ISAC, which tracks ransomware trends, recorded 2,905 attacks across all industries in 2023, underscoring the broader threat landscape.
Source: https://therecord.media/food-and-agriculture-hit-with-ransomware-attacks
Dole plc cybersecurity rating report: https://www.rankiteo.com/company/dole-plc
Mondelēz International cybersecurity rating report: https://www.rankiteo.com/company/mondelezinternational
USDA cybersecurity rating report: https://www.rankiteo.com/company/usda
"id": "DOLMONUSD1770602763",
"linkid": "dole-plc, mondelezinternational, usda",
"type": "Ransomware",
"date": "1/2023",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Grocery store shipments '
'disrupted',
'industry': 'Food and Agriculture',
'location': 'U.S.',
'name': 'Dole',
'type': 'Food manufacturer'},
{'industry': 'Food and Agriculture',
'location': 'U.S.',
'name': 'Sysco',
'type': 'Food distributor'},
{'industry': 'Food and Agriculture',
'location': 'U.S.',
'name': 'Mondelez',
'type': 'Food manufacturer'},
{'industry': 'Food and Agriculture',
'location': 'U.S.',
'name': 'USDA',
'type': 'Government agency'}],
'attack_vector': 'Exploitation of file transfer tools',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive industry data',
'Intellectual property (genetic '
'crop research)']},
'date_publicly_disclosed': '2024',
'description': 'The U.S. food and agriculture sector faced 167 ransomware '
'attacks in 2023, ranking it the seventh most targeted '
'industry nationwide. The Food and Agriculture-Information '
'Sharing and Analysis Center (Food and Ag-ISAC) reported a '
'decline in attacks in early 2024 due to law enforcement '
'disruptions, but ransomware affiliates are shifting to new '
'strains like Play. High-profile victims included Dole, Sysco, '
'and Mondelez, with attacks causing supply chain disruptions '
'and risks to intellectual property.',
'impact': {'data_compromised': 'Sensitive industry data, intellectual '
'property (genetic crop research)',
'downtime': 'Disrupted grocery store shipments, supply chain '
'delays (planting, harvesting, distribution)',
'operational_impact': 'Supply chain cascades, delayed operations'},
'initial_access_broker': {'entry_point': 'File transfer tool exploitation'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Ransomware attacks can cause supply chain cascades, '
'disrupt operations, and expose high-value intellectual '
'property. Law enforcement disruptions can temporarily '
'reduce attack volumes, but threat actors adapt quickly.',
'motivation': ['Financial gain',
'Data exfiltration',
'Intellectual property theft'],
'post_incident_analysis': {'corrective_actions': 'Proposed legislation for '
'funding digital defenses, '
'establishment of a '
'cybersecurity hub, enhanced '
'monitoring of ransomware '
'trends',
'root_causes': 'Exploitation of file transfer tool '
'vulnerabilities, lack of robust '
'cybersecurity defenses in the '
'sector'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransomware_strain': ['LockBit',
'BlackCat',
'Play',
'8Base',
'Akira',
'Snatch']},
'recommendations': 'Strengthen cybersecurity defenses, fund digital '
'protections for the sector, establish a cybersecurity hub '
'for guidance and support, and enhance monitoring of '
'ransomware trends.',
'references': [{'date_accessed': '2024',
'source': 'Food and Agriculture-Information Sharing and '
'Analysis Center (Food and Ag-ISAC)'},
{'date_accessed': '2023', 'source': 'FBI'},
{'date_accessed': '2024', 'source': 'IT-ISAC'}],
'regulatory_compliance': {'regulatory_notifications': 'Bipartisan legislation '
'proposed (2023 and '
'2024 bills)'},
'response': {'law_enforcement_notified': 'Yes (FBI, law enforcement '
'disruptions of LockBit and '
'BlackCat)'},
'stakeholder_advisories': 'Congress introduced bipartisan legislation to '
'strengthen cybersecurity in the sector, including '
'funding for digital defenses and a cybersecurity '
'hub.',
'threat_actor': ['LockBit', 'BlackCat', 'Play', '8Base', 'Akira', 'Snatch'],
'title': 'Ransomware Surge Targets U.S. Food and Agriculture Sector in 2023',
'type': 'Ransomware',
'vulnerability_exploited': 'File transfer tool vulnerability'}