Healthcare, Financial Services…and Farms? Yes, Farms.
Ransomware is the kidnapping of a company computer system.
A ransom pays for the return of a kidnapping victim. Hackers are data kidnappers who release malicious software into a system. Data isn’t always removed from the system, but the malware encrypts access to it. Sometimes the hackers will steal records, without your knowledge – to sell on the dark web.
Either way, once the kidnappers are inside the system, they take control. The organization no longer has access to the system’s data or functions. You won’t know if anything was copied or stolen until you regain access.
The hackers let the organization scramble for a bit to build urgency, then they make contact. They set a price for the release of the data and the payment method. Cryptocurrency is the norm for most transactions. Once the organization pays up, the hackers release the data. The organization still won’t know when or how the hackers got in. On top of the ransom, it can cost hundreds of thousands of dollars to find the back door and make sure the system is secure.
According to a 2021 Cyber Threat report Sonic Wall, there were 304 million ransomware attacks around the world in 2020. Cyber-extortion is a profitable crime without much risk. Hackers cover their tracks with anonymous cryptocurrency transactions. It is expected attacks will continue to rise.
Attacks on the Food Supply
Although healthcare and financial services are typically the prime targets for ransomware groups, disrupting agriculture is their latest target.
The FBI has issued a warning regarding ransomware attacks during the planting and harvesting seasons. The hackers focus on time-sensitive periods, assuming there will be less resistance to paying up.
In September of 2021, a company that makes software for grain production, NEW Cooperative, was hit with a ransomware attack. It was the second attack in a week, following the hit on the Minnesota-based Crystal Valley. Months earlier, JBS Corporation, the meat processing company, had to temporarily shut down nine of its beef process plants due to a ransomware attack.
Though these attacks didn’t invade farm systems, they did compromise the operational supply chain. For smaller family farms, these disruptions can be devastating. When seed doesn’t ship or meat can’t be processed, their income is at risk.
Secondary Systems aren’t the Only Concern
More and more farms are relying on networked technology to improve efficiency. Sensors to control building temperatures and keep pumps delivering water are managed remotely. That means they can be hacked. Most are IoT devices, which have little or no security protocols built in.
Ransomware is typically about money, but bad actors can be malicious as well. Many of the ransomware groups are Russian or Eastern European. Given the war in Ukraine, there is heightened concern about cyberattacks against all critical infrastructure, including the food supply.
Healthcare Data is Worth the Most
In the past decade, the government has prioritized and required the use of electronic medical records. Sharing patient data is a driver behind the Centers for Medicaid and Medicaid’s new payment model. Medical data is also time-sensitive, loss of access can have urgent consequences for patients. That makes every healthcare system a prime target.
The worst ransomware breach of 2020 came from a third-party IT provider.
The Blackbaud Breach
Blackbaud is a cloud services provider for medical practices. Their services include payment processing, financial management, and fundraising for endowments. Beyond the universities and non-profits, 100 U.S. healthcare organizations were affected. Over 12.3 million patient records were exposed.
Blackbaud originally said they stopped the hackers before they could control access to any data but most assume they paid the ransom. Later the company had to acknowledge that a subset of data was stolen. It included usernames, passwords, and credit cards. It was double extortion, hackers stole the data before they encrypt the system.
Blackbaud’s response infuriated customers. The attack happened on Feb. 7, wasn’t caught until May, and they didn’t inform their clients until July. The attack cost the company $3.6 million to restore services. They face over 20 lawsuits in the United States and Canada.