Feed mills, commercial farms, and other agriculture industry businesses have long enjoyed a relatively low risk from cyberattacks, storing minimal sensitive data and running few processes that would be targeted for cyber fraud. But suddenly many agriculture-related business owners are finding themselves in the crosshairs of cyberattacks, specifically ransomware.
What Is Ransomware?
Ransomware is a form of extortion where attackers gain access to and take administrative control of key computing systems, encrypt applications and data, and then make ransom demands for the disclosure of the codes needed to decrypt the encrypted data. Attackers are very hands-on in today’s ransomware attacks, using tools and techniques previously reserved for nation-state, financial and ecommerce breaches against small businesses unprepared to stop them.
Why Is This Happening Now?
We are currently experiencing a perfect storm of factors that enable these attacks. Agriculture-related businesses have evolved their technologies to a point where information technology (IT) systems are a critical part of daily operations and communications, but security controls may not have kept pace with the increase in the use of IT. At the same time, the fast growth of Bitcoin and other cryptocurrencies has made it possible for overseas attackers to anonymously demand and receive payments, even in the millions of dollars, with little chance of being caught. Ransomware attackers can be especially malicious, for example, by deleting backups or threatening to post stolen employee data online to pressure an organization into paying the ransom.
How Are Attackers Getting In?
There are two primary ways attackers are gaining footholds on networks for ransomware attacks: phishing and remote access services. Attackers are using targeted phishing attacks to steal passwords or install viruses that can give the attacker a backdoor into a network. Attackers target remote access services like VPNs and remote desktops with password-guessing attacks, only needing to guess one correct password for one employee in the company to gain access to internal systems. Once an attacker has this foothold, it is generally not difficult for them to exploit weak configurations and other weak passwords in the environment to get administrative access and begin encrypting data.
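The password-guessing pattern described above leaves a recognizable trace in remote access logs: one source address failing against many different accounts, sometimes followed by a single success. The following is an added example, not part of the original article; the log format, account names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN/remote desktop events (not real logs).
# Assumed format: ISO timestamp, source IP, account, result.
SAMPLE = """\
2024-03-04T02:10:01 203.0.113.7 jsmith FAIL
2024-03-04T02:10:09 203.0.113.7 mlopez FAIL
2024-03-04T02:10:15 203.0.113.7 tnguyen FAIL
2024-03-04T02:10:22 203.0.113.7 scale-room FAIL
2024-03-04T02:10:30 203.0.113.7 bwhite SUCCESS
2024-03-04T08:01:12 198.51.100.20 jsmith FAIL
2024-03-04T08:01:40 198.51.100.20 jsmith SUCCESS
"""

def parse(text):
    """Yield (time, ip, account, result) tuples from the assumed log format."""
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(text, window=timedelta(minutes=10), min_accounts=4):
    """Flag IPs that fail logins on >= min_accounts distinct accounts within
    `window`, and list any account that logs in from a flagged IP."""
    fails = defaultdict(list)   # ip -> [(time, account)] still inside window
    alerts = {}
    for ts, ip, user, result in sorted(parse(text)):
        # Drop this IP's failures that have aged out of the window.
        fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= window]
        if result == "FAIL":
            fails[ip].append((ts, user))
        tried = {u for _, u in fails[ip]}
        if len(tried) < min_accounts:
            continue            # e.g. one employee mistyping a password
        alert = alerts.setdefault(ip, {"accounts_tried": set(), "compromised": []})
        alert["accounts_tried"] |= tried
        # A success from a guessing source is the foothold to investigate first.
        if result == "SUCCESS" and user not in alert["compromised"]:
            alert["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_spray(SAMPLE).items():
        print(ip, sorted(alert["accounts_tried"]), alert["compromised"])
```

An account listed under `compromised` should have its password reset and its sessions reviewed, since one correct guess is all the attacker needs.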
A Few Key Controls Can Help A Great Deal
As a best practice, organizations should have a comprehensive, risk-based information security program. However, implementing the following security controls can greatly improve an organization’s resilience to ransomware attacks:
- Multi-factor authentication for all remote access services helps prevent network intrusions through stolen or guessed passwords.
- A centrally managed commercial anti-virus solution helps to make sure that all computers have protections against emerging threats.
- Use of passphrases (phrases using at least 15 characters) instead of typical passwords prevents many different attacks against weak passwords.
- Thorough patch management for computer operating systems, third-party software (like web browsers, Java and Adobe software) and firewalls helps to prevent exploitation of known vulnerabilities.
- Protection of backups by storing backup data offline in a secured cloud or on an isolated network zone prevents an attacker with stolen network passwords from deleting backups.
- Cyber insurance helps reduce the impact to the organization should a breach occur.
First Steps To Take
If you’d like more information about ransomware attacks or how Sikich can help you assess or improve your security posture, please contact your Sikich account representative or the Sikich Cybersecurity group’s sales team at 877.403.5227 or firstname.lastname@example.org.