Ransomware attacks targeting the food industry have become increasingly prevalent and damaging over the past few years. Between 2018 and May 2023, there have been 157 confirmed ransomware attacks on the food, beverage and agriculture industries, with 2021 having the most attacks at 64. These attacks have cost the world economy $1.36 billion in downtime alone, and have resulted in the breach of 696,832 individual records.
The average downtime from these attacks has increased dramatically in recent years, with over 11.5 days lost on average in 2021. This downtime can vary from a few hours of disruption to up to seven months of systems not being at full capacity. The ransom demands from the hackers have ranged from $20,363 to $15 million, with an estimated total of $637.7 million in ransoms demanded over this period.
Ransomware attacks on the food industry have broader implications for the economy and consumers. With widespread disruptions, there can be delays in production, missed deliveries and personal data breaches. As ransomware attacks become more targeted, big-name companies are increasingly falling victim and the impact of these attacks can reverberate far beyond the initial target.
Read on to learn about the top five most significant ransomware attacks on the food industry that have caused severe disruptions and significant financial losses.
1. Campari Group — $15 Million Ransom Demanded (2020)
In December 2020, Campari Group, an Italian liquor company, faced a ransom demand of $15 million from the Ragnar Locker ransomware group, marking one of the highest ransoms ever demanded in food industry ransomware attacks. The attackers claimed to have stolen two terabytes (TB) of unencrypted files and caused a shutdown of Campari’s IT services and network. The ransomware attack affected the company’s websites, which were taken down as a result.
The Ragnar Locker group claimed to have breached the company’s security perimeter and accessed servers across the company’s international offices. The data allegedly stolen included accounting files, banking statements, government letters, licensing certificates, confidential business information, personal information of clients and employees and other sensitive information. While it’s unclear whether the ransom was paid, the attack caused around eight days of disruption to the company’s services.
2. JBS Foods — $11 Million Ransom Paid (2021)
The JBS Foods ransomware attack in May 2021 stands out as one of the most notable ransomware attacks on the food industry due to the significant ransom paid. The Brazil-based meat processing company that supplies approximately one-fifth of the meat globally was the target of the attack, which impacted its beef and pork slaughterhouses.
After falling victim to the Russian organization REvil ransomware group, JBS paid a hefty $11 million to protect its customers, demonstrating the severe implications of ransomware attacks on the food industry; however, the decision to pay the ransom was criticized by American politician Carolyn Maloney due to concerns that it might incentivize further attacks. The incident drew attention to the potentially negative consequences of consolidation in meat production.
3. Harvest Food Distributors and Sherwood Food Distributors — $7.5 Million Ransom Demanded (2020)
In a major attack on Harvest Food Distributors and its parent company Sherwood Food Distributors in 2020, the REvil ransomware group demanded $7.5 million. The Russian group threatened to increase the ransom amount when negotiations soured, underscoring the aggressive tactics often employed in ransomware attacks.
Approximately 2,300 files owned by Sherwood and Harvest were leaked in this attack, revealing confidential customer information such as cash flow analyses, details about sub-distributors, insurance contracts, invoice sums and other proprietary vendor information of both the distributors and the supermarket chains. The compromised data also included scanned images of drivers’ licenses belonging to individuals in their distribution networks, which showcased some of the stolen data.
4. NEW Cooperative, Inc. — $5.9 Million Ransom Demanded (2021)
In a targeted attack by the BlackMatter ransomware group, Iowa-based agricultural cooperation NEW Cooperative, Inc. was forced to take its systems offline. The attackers demanded a ransom of $5.9 million, and while it was never confirmed whether the ransom was paid, the disruption to grain, pork and chicken supplies was significant.
This attack not only resulted in the disruption of the company’s computer systems, but it was so severe that it led to a declaration of a state of emergency by the Governor of Iowa due to its impact on the food supply chain. The state of emergency was aimed at speeding up the recovery and reducing the cost of the disaster.
5. Schreiber Foods — $2.5 Million Ransom Demanded (2021)
In October 2021, Wisconsin’s milk supply chain faced considerable disruption as Schreiber Foods, one of the state’s major milk processors, fell prey to a ransomware attack. The hackers, who were never identified, reportedly demanded a ransom of around $2.5 million to restore the company’s digital systems.
Milk distributors and transporters in Wisconsin received communication from Schreiber informing them of the company’s incapacitated computer systems, which left their facilities unable to accept the milk previously agreed upon. In response, haulers and planners had to scramble to find alternative destinations for the milk. While it is unclear whether Schreiber paid the ransom, the company had successfully restored its systems to full functionality within a few days.
There are many other instances of ransomware attacks on the food industry that have caused significant damages. For example, the attack on Dole PLC in February 2023 led to a temporary shutdown of some of its North American production plants, causing a shortage of salad kits and a reported loss of around $10.5 million.
With this growing threat of ransomware attacks, it’s crucial for organizations in the food and beverage industry to invest in robust cybersecurity measures. This includes regular employee training, implementation of backup and recovery procedures and staying up-to-date with the latest cybersecurity threats and solutions.