There was a 27% uptick in ransomware attacks on the US food and agri sector in 2024, with 212 attacks recorded compared to 167 in 2023, according to the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC).

The organization and IT-ISAC track cyber attacks across 11 sectors in the US. In 2024, attacks on agriculture represented 5.8% of the total volume across the different sectors, compared to 5.5% the previous year. In its ‘Farm-to-Table Ransomware Realities’ report, Food and Ag-ISAC revealed that the new cybercriminal group RansomHub was responsible for the most attacks last year, with 23 logged.

“Most Ransomware-as-a-Service (RaaS) operations offer affiliate cybercriminals around 70-80%. Disruptions against rival ransomware operations likely led to affiliates scrambling to find their next partner, and RansomHub may have absorbed affiliates from other groups,” explains the report.  

Meanwhile, Food and Ag-ISAC tracked 85 cyber attacks against the food and agri sector last quarter alone, up from 39 during the same period the previous year —  a 118% increase. Early indications suggest the surge has continued into January 2025 with a near 20% rise. Attacks across all industries are expected to rise throughout the year. 

Variability in targeting

Food and Ag-ISAC attributes the increase to CL0P and FunkSec ransomware being “specifically active” during December 2024. 

Scott C. Algeier, executive director at Food and Ag-ISAC, tells Food Ingredients First that specific ransomware groups show a level of variability in their targeting. 

“While some companies might be specifically targeted, our research indicates that ransomware attacks are typically opportunistic. Ransomware operators will often scan the internet for publicly exposed and vulnerable systems, leverage initial access brokers, or offer their malware to other criminals through a RaaS model,” he says. 

“For initial access, threat actors will search for organizations with publicly exposed and vulnerable systems, leverage phishing and social engineering attacks, or employ initial access brokers — cybercriminals and insiders who sell access to vulnerable networks.”

The agri industry’s important links to other sectors make it a valuable target for online criminals. The sector represents 5.6% of US gross domestic product and 10.4% of US employment. Attacks can seriously harm the victim company’s suppliers or partners and disrupt its supply chain. 

Interconnected food-agri industry

According to US government data, the US food and agri sector is almost entirely privately owned. It has nearly 2 million farms, 700,000 restaurants, and more than 220,000 registered facilities for food manufacturing, processing, and storage. The sector is critical to several essential sectors, such as water and waste systems, transportation, energy, and chemical supplies.

“Past incidents have highlighted both the industry’s vulnerability to these disruptions and its resilience, as companies quickly adapt to maintain stability in the face of cyber threats. For example, ransomware attacks could impact or disrupt processes along agricultural production lines. Any downtime caused by an attack could lead to a chain reaction of delays, potentially causing late planting or harvesting windows,” details the report. 

It adds that crops may need to be palletized and moved to other regions during an active growing season. This is already done in cases of severe weather, such as droughts or flooding, but it is an expensive and taxing process that strains limited resources.

Food and Ag-ISAC says that while global law enforcement had a positive impact on deterring two major cybercrime groups—LockBit and ALPHV/BlackCat—several new players emerged last year to fill the void. 

“Reports show that several high-profile cybercriminal groups have begun partnering with ransomware actors. As such, the threat of ransomware should continue to be a concern for organizations across the critical infrastructure community, including the food and agriculture sector,” the organization explains. 

Improve security protocols

While most ransomware attacks are opportunistic, Food and Ag-ISAC warns that companies in the sector should continue improving their online security protocols to avoid a system breach. 

Algeier adds: “User training remains an essential tool in an organization’s defenses against ransomware attacks, as phishing emails, breached VPN credentials, and stolen credentials continue to be an initial access point for ransomware actors.” 

Many companies across F&B are becoming more security conscious and attempting to minimize their vulnerability to cybercrime. Earlier this year, Grupo Bimbo announced it had invested in NanoLock Security technology to protect against cyber attacks and maintain the security of critical operations for food supplies.