The global food and agriculture sector is becoming a more frequent target for ransomware attacks, according to a report released by the Food and Agriculture - Information Sharing and Analysis Center (Food and Ag-ISAC). This is the first report to focus on ransomware attacks in this sector, following the establishment of its own Information Sharing Analysis Center.

The Food and Ag-ISAC's study, which analysed a total of 2,905 ransomware incidents in 2023, found that the food and agriculture sector was the victim of 167 attacks. This equates to 5.5% of all attacks, positioning the sector as the seventh most targeted industry last year. The sectors most attacked were critical manufacturing (15.5%) and financial services (12.4%).

Ransomware attacks are among the most prevalent cyber threats. Typically, hackers employ malicious code to encrypt essential data, leaving an organisation unable to access files, databases, or applications. Such attacks may also compromise intellectual property and other valuable information.

"Ransomware remains a serious threat to all business sectors, including the food and ag industry," said Jonathan Braley, Director of the Food and Ag-ISAC. Despite law enforcement's successful efforts to disrupt global threat actor groups and their operations, cyber attackers often operate in regions that do not take serious action against them. "As long as ransomware remains low-risk, high-reward for attackers, ransomware attacks will continue," added Braley.

The report also analyzes the major threat actors targeting the sector. It found that these attackers are largely financially motivated rather than specifically targeting the sector to inflict intentional damage on the nation's critical infrastructure. In 2023, cybercriminals made a record $1 billion in ransom payments, fuelling their ongoing campaigns. Among the top ransomware actors targeting food and agriculture companies specifically were LockBit, ALPHV/BlackCat, Play, 8Base, and Akira.

In the first quarter of 2024, the Food and Ag-ISAC logged 572 ransomware incidents, 40 of which affected the food and agriculture sector. This constitutes 7% of all incidents, marking a decrease from Q1 2023 by 4.8%.

As part of its operations, the ISAC collates almost 200 adversary attack playbooks, which compile lessons learned from these threat actors. These playbooks provide priceless information to security teams aiming to protect their networks. The ISAC also collaborates with industry trade associations and top universities to share threat intelligence and promote improved security practices across the sector.

Highlighting the benefits of such a collaborative approach, Paul Hershberger of Cargill, Board Chair of the Food and Ag-ISAC, stated that "by working together, we not only better understand threats, but we better identify ways to defend against them."

The Food and Ag-ISAC also provide cybersecurity guidance for small and medium-sized businesses, recommending ten low to no-cost measures to enhance cybersecurity.

The report's data was gathered from open-source sites, the dark web, ISAC member input, and information shared between members of the National Council of ISACs.