Agriculture company AGCO hit by ransomware attack

Worldwide manufacturer and distributor of agricultural equipment, AGCO, announced that on May 5, the company experienced a ransomware attack.
Published: May. 11, 2022 at 12:58 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

HESSTON, Kan. (KWCH) - Worldwide manufacturer and distributor of agricultural equipment, AGCO, announced that on May 5, the company experienced a ransomware attack that impacted some of its production facilities.

AGCO, locally based out of Hesston, is investigating the attack and is anticipating that business operations will be affected for several days and potentially longer. It is currently unknown when business operations will fully resume services and will depend on how quickly the company can repair its systems.

“Our expectations with regard to resolving the issues are forward-looking statements, and actual results could be materially different due to a number of factors, including our ability to successfully reinstall software and restore IT operations at the affected sites,” said AGCO Vice President Greg Peterson on May 6.

On May 11, Peterson provided the following update: “Upon becoming aware of the attack and in order to minimize any damage to our information technology environment, we suspended the use of several key systems, which, in turn, resulted in the closing of a majority of our production sites and parts operations. Our efforts to restore our systems and business operations are ongoing. Currently, we anticipate restarting some of the affected production sites and parts operations at the end of the week of May 9, 2022, with the balance progressively restarting during the week of May 16, 2022, although damage from the attack could require more in-depth, and lengthy, remediation and recovery than currently is expected. We have not fully assessed the impact of the attack, although we expect to be able to mitigate its effects on our operating results by increasing production over the remainder of 2022.”

Eyewitness News spoke with cybersecurity experts for insight into what’s involved with ransomware attacks and the damage they can cause.

“What do these attacks do? They basically encrypt, shut down the entire computer system within a company,” said cybersecurity expert and author of “The Weakest Link,” Dr Arun Vishwanath. “They basically put in a malware, so malware comes in and makes it impossible to open any files or anything on its computers or the networks entirely. So basically the operations of that corporation cease.”

And as the name implies hackers behind this malware hold companies hostage until they decide to pay or restore systems from scratch.

“This is why companies pay the ransom because think about it. On average, you’re paying about $5 million. The cost to clean up is probably eight to 10 times as much, not to talk about the downtime,” Dr. Vishwanath said.

“It’s a tough choice for businesses at this point in time whether or not they’ll want to pay that ransom or whether they’re going to try to rectify this themselves because of the loss of productivity and how long are they going to be down.” Friends University Cybersecurity Director Dr. Matthew Magee said, “How long does this impact the company beyond just today, reputation-wise and everything else? This is a long-term loss of revenue in reality for most companies, so it’s easier to pay the ransom a lot of times and try to get back online as quickly as possible.”

Dr. Vishwanath and Dr. Magee said these attacks aren’t new, but they are becoming more prominent.

“In the older days, paying was not something that you looked at because of the cost. They were wanting too much money.” Dr. Magee said, “Today, most of these ransomware, the costs are more useful than trying to clean up and trying to work through this themselves. Plus, with cyber insurance out there now, so long as your company is purchasing cyber insurance, your cyber insurance is going to pay out on a lot of these.”

In the past year, there have been a number of high-profile ransomware attacks including the Colonial Pipeline and JBS - a meatpacking company.

“(It) may have spread for hours, sometimes days before it gets to that point where it has spread to the point where it has actually taken control,” Dr. Magee explained. “It can shut down a facility quick once it actually hits.”

Last month, the FBI sent out a warning to ag-related corporations, saying ransomware hackers could focus on them as targets during the planting or harvesting seasons, impacting everything from the operations of the company and rippling down even the food supply chain. Adding that with the time-sensitive nature they play in agricultural production, hackers could view them as more willing to pay.

“When you cripple these industries, even for a week or a month, it takes a lot, it increases prices,” Dr. Vishwanath said. “It creates a multiplier effect all through the economy. We saw this with Colonial, prices [on gas] went up. We saw this with the JBS meatpacking attack. Again, the prices of meat went up all across the nation.”

Dr. Vishwanath and Dr. Magee say all companies need to plan for these attacks because it’s not a matter of if but when. These attacks have hit all types of industries.

Dr. Magee said, “Businesses have to have a plan in place. Some kind of disaster recovery plan in place to make sure when this happens they have steps already laid out and now what to do immediately to isolate this incident cause otherwise, you’re scrambling at the last minute.”

One of the weak points is the people, the end-users through clicking on a link in an email or clicking on something on a website.

“The best defense is hygiene, better cyber hygiene. We need corporations to take this very seriously. Everybody is at risk, every corporation.” Dr. Vishwanath added, “The risk comes from people in the organizations, so they need to show better cyber hygiene. They need to be shown, trained to make sure that the exposure that they have to the internet is in some way protected.”

It also includes making sure systems are up to date and using two-factor authentication or long passwords.

One of the main sources of ransomware attacks comes from Russia.

Dr. Magee said, “For the most part, this has become something that’s so easy to do that there are more and more people who don’t have a big computer background per se that are getting involved and doing this now.”

Copyright 2022 KWCH. All rights reserved.