This week, AGCO, a U.S. agricultural equipment producer, suffered a ransomware attack that affected its business operations and shut down its systems.
AGCO, headquartered in Duluth, Georgia, designs, produces, and sells tractors, combines, foragers, hay tools, self-propelled sprayers, smart farming technologies, and seeding and tillage equipment. AGCO first discovered this attack through its subsidiary, Massey-Ferguson, when its websites in France, Germany, and China were targeted. At that point, more than 1,000 employees were sent home from manufacturing facilities in France. Operations across the globe have been affected.
To mitigate and remediate the attack, AGCO shut down portions of its IT systems, but it will likely take several days to fully restore them. It is currently unknown when business operations will fully resume.
This attack is likely a result of a recent donation to a Ukrainian relief fund. The day before this attack, the AGCO Agriculture Foundation donated $50,000 to the BORSCH initiative, which assists Ukrainian farming communities affected by the war with Russia. Just a few weeks ago, the FBI released a warning on ransomware attacks targeting the U.S. agricultural industry and timed to coincide with critical seasons in the industry.
The FBI’s warning recommended the following steps to mitigate against ransomware attacks:
- Regularly back up data, air gap (a security measure that involves isolating a computer or network and preventing it from establishing an external connection), and password protect backup copies offline.
- Ensure copies of critical data are not accessible for modification or deletion from the system in which the data resides.
- Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
- Identify critical functions and develop an operations plan in the event that systems go offline. Think about how to operate manually should it become necessary.
- Implement network segmentation.
- Install updates/patch operating systems, software, and firmware as soon as they are released.
- Use multifactor authentication where possible.
- Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Require administrator credentials to install software.
- Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).
In the short term, the agricultural industry (as well as all U.S. businesses) should be on high alert, and, in addition to patching all systems in your organization’s environment, the best thing to do is to have robust monitoring of the environment. Businesses cannot protect what they can’t see; every asset must be monitored.