This week, AGCO, a US farm equipment manufacturer, suffered a ransomware attack that affected its business operations and shut down its systems.
AGCO, headquartered in Duluth, Georgia, designs, produces and sells tractors, combines, harvesters, hay tools, self-propelled sprayers, smart farming technologies, seeding and tillage equipment. AGCO first discovered this attack through its subsidiary, Massey-Ferguson, when its websites in France, Germany, and China were attacked. At that time, more than 1,000 employees were sent home from the production facilities in France. Operations around the world have been affected.
To mitigate and remediate the attack, AGCO shut down parts of its IT systems, but it will likely take several days to fully repair them. It is currently unknown when business operations will fully resume.
This attack is probably the result of a recent donation to a Ukrainian relief fund. The day before this attack, the AGCO Agricultural Foundation donated $50,000 to the BORSCH initiative, which helps Ukrainian farming communities affected by the war with Russia. A few weeks ago, the FBI issued a warning about ransomware attacks that target the US agricultural industry and are timed to coincide with critical seasons in the industry.
The FBI warning recommended the following steps to mitigate ransomware attacks:
- Back up your data regularly, air gap (a security measure that isolates a computer or network from establishing an external connection) and password protect offline backups.
- Ensure that copies of critical data are not accessible for modification or deletion from the system on which the data resides.
- Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, cloud).
- Identify critical functions and develop an operations plan in the event systems go offline. Think of ways to operate manually in case you need to.
- Implement network segmentation.
- Install operating system, software, and firmware updates/patches as soon as they are released.
- Use multi-factor authentication when possible.
- Use strong passwords and regularly change passwords for systems and network accounts, implementing the shortest acceptable time period for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
- Disable unused RDP/remote access ports and monitor RDP/remote access logs.
- Require administrator credentials to install software.
- Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider setting up and using a virtual private network (VPN).
- Consider adding an email banner to messages that come from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques, as well as emerging cybersecurity risks and vulnerabilities in general (i.e., ransomware and phishing scams).
In the short term, the agricultural industry (as well as every business in the US) needs to be on high alert, and aside from patching all the systems in your organization's environment, the best thing you can do is have solid monitoring in place. Companies can't defend what they can't see; every asset must be monitored.