What are Busy Seasons for Ransomware Attacks?
There has been a rise in ransomware attacks on agricultural cooperatives and the FBI has warned that ransomware attacks are more likely to strike agricultural cooperatives during critical planting and harvesting seasons.1 As ransomware attacks are likely to disrupt operations, cause financial loss, and negatively impact the food supply chain, ransomware cyberattackers perceive agricultural cooperatives as lucrative targets who will be willing to pay due to these consequences as well as the inherent time-sensitivity in agricultural production. In recent ransomware cyberattacks on agricultural cooperatives, cyberattackers exploited known, but unpatched, common vulnerabilities, as well as shared network resources. These ransomware attacks resulted in slower processing due to manual operations, as well as loss of administration functions such as websites and email. The FBI notes that a significant disruption of grain production could impact the entire food chain, as grain is consumed by both humans and animals. A grain and corn production disruption could impact commodities and stocks, while a protein or dairy facility disruption could have cascading effects along the supply chain.
Beyond ransomware threats to agricultural cooperatives during their critical seasons, ransomware attackers often choose holiday periods to attack many different sizes of organizations and in different industries. Holidays appeal to ransomware attackers as it affords them more time to propagate throughout a network, escalating privileges to obtain maximum control over more systems2. The longer it takes for the cyberattacker to be noticed, the more damage that can be done. Holiday periods are also attractive to ransomware attackers because organizations are more likely to be understaffed and less attentive.
With ransomware attackers being mindful of the most vulnerable periods for your organization, where they can maximize ransom and/or damage, it is important to take steps to ensure that you have multiple layers of security protecting your organization year-round. The FBI recommends the following steps for mitigating threats and protecting against ransomware attacks:
- Regularly back up data, air gap, and password protect backup copies offline. Ensure
copies of critical data are not accessible for modification or deletion from the system
where the data resides.
- Implement a recovery plan that includes maintaining and retaining multiple copies of
sensitive or proprietary data and servers in a physically separate, segmented, secure
location (i.e., hard drive, storage device, the cloud).
- Identify critical functions and develop an operations plan in the event that systems go
offline. Think about ways to operate manually if it becomes necessary.
- Implement network segmentation.
- Install updates/patch operating systems, software, and firmware as soon as they are
released.
- Use multifactor authentication where possible.
- Use strong passwords and regularly change passwords to network systems and
accounts, implementing the shortest acceptable timeframe for password changes. Avoid
reusing passwords for multiple accounts and use strong pass phrases where possible.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require administrator credentials to install software.
- Audit user accounts with administrative or elevated privileges, and configure access
controls with least privilege in mind.
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and
using a virtual private network (VPN).
- Consider adding an email banner to messages coming from outside your organizations.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training. Regularly provide users with training on
information security principles and techniques as well as overall emerging cybersecurity
risks and vulnerabilities (i.e. ransomware and phishing scams).
1 FBI, 2022, “Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons”
2 Barrett, 2021, “Why Ransomware Hackers Love a Holiday Weekend”