Ransomware Attack Hits Major Farming Equipment Maker AGCO | #malware | #ransomware | #education | #technology | #infosec

A ransomware attack has disrupted production at AGCO, a major US provider of farming equipment, including tractors and harvesters. 

The company confirmed the incident today after media in France reported a cyberattack had hit several AGCO sites in the country on Thursday, including a tractor assembly facility.  

The company said: “AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the company is able to repair its systems.”

Little else is known, such as which ransomware strain infected the company’s systems or if AGCO is going to pay the ransom. For now, a company spokesperson told us he had nothing to add, but said AGCO plans on providing updates. 

According to French media, the company realized it suffered the attack on Thursday morning. The ensuing disruption caused AGCO servers to become inaccessible and forced production at the affected company sites to stop.   

The attack risks preventing AGCO from serving its agricultural customers across the globe. Last month, the FBI raised alarm bells about how hackers are spreading ransomware to farming groups during the planting and farming seasons. 

The goal behind the attacks is to pressure farming groups into paying the ransom demands, which can involve forking over hundreds of thousands to millions of dollars. But in a worst case scenario, the disruptions could also affect the food supply chain, the FBI warned. As an example, the agency pointed to an incident in March involving a ransomware attack that hit a “multi-state grain” processing company that also provides seed and fertilizer services. 

In response, the FBI has provided a list of tips on how farming groups can protect themselves from such attacks. They include creating backups, quickly installing the latest software patches, and activating multi-factor authentication on login systems whenever possible.