February 13, 2025 | Policy Brief

Cybercriminals Targeting U.S. Food and Agriculture Sector Now More Than Ever

Cybercriminals are tightening their grip on America’s food supply, warns a new report from an industry-led threat monitoring and mitigation group. The annual assessment from the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) finds that ransomware attacks on the food and agriculture sector are increasing, underscoring the need for stronger cybersecurity measures and closer public-private collaboration to reverse the trend.

Report Finds Ransomware Surge in Food and Agriculture

The new publication, formally known as the 2024 Ransomware Cyber Threat Report, reveals a 118 percent spike in ransomware attacks targeting the food and agriculture sector in the fourth quarter of 2024 compared to the same period in 2023. Experts with the Food and Ag-ISAC warn that this trend is likely to continue into 2025. Rather than reducing ransomware, the global crackdown over the past two years on LockBit and ALPHV/BlackCat, two notorious ransomware operations, created a power vacuum quickly filled by other criminal groups like RansomHub and Hunters International.

The report sheds light on common attack tactics used by these groups, including double extortion, wherein hackers encrypt systems while simultaneously stealing and threatening to leak sensitive data. This method has become hackers’ modus operandi because it increases the likelihood that companies will pay the ransom. Even if companies can restore their systems, the risk of sensitive data being leaked publicly forces victims to pay.

The food and agriculture sector is uniquely vulnerable to ransomware attacks due to its highly interconnected supply chains and reliance on just-in-time distribution for both inputs and outputs. Even a short disruption in food production or processing can trigger cascading consequences, affecting everything from access to food at grocery stores to global commodity markets. As farms, processing plants, and distributors become increasingly digitized and interdependent, hackers can exploit a single vulnerability in the supply chain, sowing potential chaos and global disruption.

The ISAC report highlights the need for organizations to adopt baseline cybersecurity best practices to strengthen defenses against ransomware attacks. Hacker groups specifically target unprotected systems, making multi-factor authentication essential to prevent unauthorized access. The report also emphasizes the importance of regular updates for firmware, operating systems, and security software to address vulnerabilities before attackers can exploit them.

Strengthening Resilience in the Food and Agriculture Sector

To begin to solve this problem, the Cybersecurity and Infrastructure Security Agency (CISA) used its annual Cyber Storm exercise in April 2024 to focus on gaps in the food and agriculture sector’s cyber incident response capabilities. The after-action report released in September revealed specific actions that the federal government needs to undertake to improve its information sharing with the sector.

For example, when the Food and Ag-ISAC reported cyber threat information from one of its member organizations to federal partners, the federal government instructed the ISAC not to share the information with its other members. What’s more, the Food and Ag-ISAC received threat intelligence from federal partners without guidance as to what it could share with its members.

The point of information sharing is that companies can learn from attacks on other owner-operators so that they themselves do not fall victim to the same type of attack. Without the information, the malicious cycle continues, and mitigation measures cannot keep pace with the threat environment.

The Department of Agriculture, as the primary federal entity responsible for coordination with the sector, participated in the Cyber Storm exercise. Having learned from the exercise, the agency should improve information-sharing protocols and enhance coordination between federal partners and private sector stakeholders. Without these necessary measures, the food and agriculture sector will remain a prime target for ransomware groups looking to exploit weak defenses.

Johanna “Jo” Yang is a research and editorial associate at the Foundation for Defense of Democracies (FDD) Center on Cyber and Technology Innovation (CCTI), where Maria Riofrio is an intern. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

Issues:

Cyber

Topics:

Washington Cybersecurity and Infrastructure Security Agency