Agricultural Equipment Maker Hit By Ransomware Attack

US agricultural equipment maker AGCO has said operations at some of its production facilities have been disrupted by a ransomware attack.

The incident comes during the critical planting season, and follows a warning by the FBI two weeks ago that hackers were targeting the industry.

Georgia-based AGCO, which sells machinery under brands including Challenger, Fendt, Massey Ferguson and Valtra, said the attack could affect its operations for “at least several days”.

“AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the company is able to repair its systems,” the company said in a statement on Friday.

Disruption

US agricultural equipment makers had already been hit by supply chain disruptions and labour strikes that left them unable to meet demand from farmers.

Several dealers told Reuters the attack had left them unable to order or look up parts since the attack took place on Thursday.

AGCO, which competes with larger Deere & Co, manufactures and assembles products in 42 locations worldwide and has 1,810 dealerships in North America.

The company told a dealer digital systems had been affected worldwide, according to Reuters.

The equipment maker said the recovery process involves reinstalling software and restoring IT operations at the affected facilities, without specifying which locations were involved.

Common exploits

Two weeks ago the FBI issued a Private Industry Notification warning agriculture co-operatives of ransomware attacks timed for the planting season, saying they could lead to financial losses and even food shortages.

It was the second time the FBI has issued such a warning to the sector, following a September 2021 notice that said ransomware groups were ramping up attacks during the harvesting season.

“Since 2021, multiple agricultural cooperatives have been impacted by a variety of ransomware variants,” the FBI stated in April.

It said initial intrusions were carried out by attacking unpatched common vulnerabilities and exploits. Secondary infections were spread via shared network resources or compromise of managed services, the agency said.

Critical infrastructure

The FBI said it was concerned hackers might think agricultural co-operatives have an extra incentive to pay during time-sensitive phases of their work.

Ransomware attacks have in recent years affected Colonial Pipeline’s oil network and meat processing company JBS. Last autumn at least three grain handlers in the Midwest were hit by ransomware attacks.