This week, AGCO, a U.S. agricultural machinery manufacturer, suffered a ransomware attack that affected its business operations and shut down its systems.

AGCO, headquartered in Duluth, Georgia, designs, produces, and sells tractors, combines, foragers, hay tools, self-propelled sprayers, smart farming technologies, seeding and tillage equipment. AGCO first discovered this attack through its subsidiary, Massey-Ferguson, when its websites in France, Germany, and China were targeted. At that time, more than 1,000 employees were sent home from production facilities in France. Operations across the globe have been affected.

In order to mitigate and remediate the attack, AGCO shut down portions of its IT systems, but it will likely take several days to fully repair them. It is currently unknown when business operations will fully resume.

This attack is likely a result of a recent donation to a Ukrainian relief fund. The day before this attack, AGCO Agriculture Foundation donated $50,000 to the BORSCH initiative, which assists Ukrainian farming communities affected by the war with Russia. A few weeks ago, the FBI released a warning on ransomware attacks targeting the U.S. agricultural industry and timed to coincide with critical seasons in the industry.

The FBI’s warning recommended the following steps to mitigate against ransomware attacks:

  • Regularly back up data, air gap (a security measure that involves isolating a computer or network and preventing it from establishing an external connection), and password protect backup copies offline.
  • Ensure copies of critical data are not accessible for modification or deletion from the system in which the data reside.
  • Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
  • Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually should it become necessary.
  • Implement network segmentation.
  • Install updates/patch operating systems, software, and firmware as soon as they are released.
  • Use multifactor authentication where possible.
  • Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong pass phrases where possible.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Require administrator credentials to install software.
  • Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
  • Install and regularly update anti-virus and anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
  • Consider adding an email banner to messages coming from outside your organizations.
  • Disable hyperlinks in received emails.
  • Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).

In the short term, the agricultural industry (as well as all U.S. businesses) should be on high alert, and, in addition to patching all systems in your organization’s environment, the best thing to do is to have robust monitoring of the environment. Businesses cannot defend what they can’t see; every asset must be monitored.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.