Feed mills, commercial farms, and other agriculture industry businesses have for a long time enjoyed a relatively low risk from cyberattacks, storing minimal sensitive data and running few processes that would be targeted for cyber fraud. But suddenly a lot of agriculture-related business owners are finding themselves in the crosshairs of cyberattacks, specifically ransomware.
Ransomware is a form of extortion where attackers gain access to and take administrative control of key computing systems, encrypt applications and data, and then make ransom demands for the disclosure of the codes needed to the decrypt the encrypted data. Attackers are very hands-on in today’s ransomware attacks, using tools and techniques previously reserved for nation-state, financial and ecommerce breaches against small businesses unprepared to stop them.
We are currently experiencing a perfect storm of factors that enable these attacks. Agriculture-related businesses have evolved their technologies to a point where information technology (IT) systems are a critical part of daily operations and communications, but security controls may not have kept pace with the increase in the use of IT. At the same time, the fast growth of Bitcoin and other cryptocurrencies has made it possible for overseas attackers to anonymously demand and receive payments even in the millions of dollars with little chance of being caught. Ransomware attackers can be especially malicious, for example, by deleting backups or threatening to post stolen employee data online to incent an organization to pay the ransom.
There are two primary ways attackers are gaining footholds on networks for ransomware attacks: phishing and remote access services. Attackers are using targeted phishing attacks to steal passwords or install viruses that can give the attacker a backdoor into a network. Attackers target remote access services like VPNs and remote desktops with password-guessing attacks, only needing to guess one correct password for one employee in the company to gain access to internal systems. Once an attacker has this foothold, it is generally not difficult for them to exploit weak configurations and other weak passwords in the environment to get administrative access and begin encrypting data.
As a best practice, organizations should have a comprehensive, risk-based information security program. However, implementing the following security controls can greatly improve an organization’s resilience to ransomware attacks:
If you’d like more information about ransomware attacks or how Sikich can help you assess or improve your security posture, please contact your Sikich account representative or the Sikich Cybersecurity group’s sales team at 877.403.5227 or securitysales@sikich.com.
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.