Businesses warned of ransomware dangers

ROSWELL — A representative with a relatively new governmental agency says any business, including any agricultural business, could be hit by a ransomware attack.

One attack reported in the United States began July 3 and could cost the main business targeted - the integrated technology firm Kaseya VSA - and the thousands of customers who used the firm for remote monitoring of its technology products tens of millions of dollars, according to recent news reports. The ransom requested for a decryption key has been reported as $70 million.

Earlier in 2020 and 2021, Colonial Pipeline Co. and the computer software firm SolarWind, which had thousands of customers that downloaded malware that had been encoded into one of its programs, also were hit.

The agricultural sector is by no means exempt. Over Memorial Day weekend, the world's largest meat supplier, JBS S.A. of Brazil, was hacked by the Russian-speaking gang known as REvil.

JBS had its data scrambled and some of its computer systems hampered, affecting its operations in several countries.

The company closed all of its U.S. slaughterhouses for part of a day, but the impact was reportedly felt by other businesses associated with it, including farmers, restaurants and grocery stores. The company paid $11 million as protection against future attacks, according to company officials.

“The point is, these attacks are nonstop. They are endless. They are happening every single day,” said George Reeves, the cybersecurity advisor for the Cybersecurity and Infrastructure Security Agency. “These are just the ones that are reported, open source. But I guarantee you there are probably 80% more going on that aren't being reported.”

He said attacks have been reported by New Mexico entities, including universities, state agencies and counties.

Reeves, who works from San Antonio, Texas, said his operation was part of the U.S. Department of Homeland Security for about five years and known as the National Protection Program Directorate. It began operating independently about 2 1/2 years ago.

He made his remarks July 8 as part of a webinar sponsored by the Southwest Border Food Protection and Emergency Preparedness Center. The center is a collaborative initiative of the New Mexico Department of Agriculture and New Mexico State University, including its Cooperative Extension network and College of Agricultural, Consumer and Environmental Sciences.

Marshal Wilson, co-director of the center, said he is not aware of any New Mexico agribusinesses that have been victims of ransomware or that were affected by the JBS attack. Still, he said, all businesses involved in food production, distribution or sales need to be prepared.

“Cybersecurity has been a persistent concern to our nation's critical infrastructure owners, including the food and agriculture sector,” Wilson said. “Recent attacks such as the Colonial Pipeline attack or the one on JBS have shown a need to increase education and awareness so that businesses are better prepared to deal with issues like ransomware.”

Reeves said most businesses are not required by federal or state regulations to do anything to protect their premises or computer systems and data. But he said businesses that do not consider their data or services critical could become “supply chain targets,” affected by cybercrime because they are tied to the main targets.

Smaller businesses, which are less likely to have sophisticated security measures, could become targets if their computer systems contain data considered attractive to criminals.

He said businesses have only three options once a ransomware attack occurs: pay the ransom, which is not recommended and could become prohibited by law in the future; use data backups if they exist; or rebuild from scratch.

To avoid being attacked, Reeves gave some preventative steps. Businesses should update manufacturer software often and install patches as soon as they are available. They also should back up critical data frequently and store it on computers not connected to networks or the internet. He also recommended testing backups regularly to ensure data can be restored when needed.

Reeves further recommends that company personnel be trained to recognize possible phishing attempts, which is how malware is often introduced or how systems are hacked. Employees should know not to follow directions of any unsolicited emails that ask employees to download computer files, call a phone number, click on email or website links, or provide sensitive organizational or personal information.

People also should use commercial password management software programs to generate and save passwords that are unique for each account and are complicated. Then change passwords frequently.

“Use the longest password allowed,” he said. “If the minimum is eight (characters) and the maximum is 20, use the 20.”

He explained that “brute force password hacker” programs might be able to crack an eight-character password in a week, but would need “thousands of years” to figure out a complex 20-character password.

Reeves said the agency, which is in the process of hiring a New Mexico advisor, will consult with businesses one-on-one for free and provide them with recommendations about how companies can guard against cybercrime.

“As this ransomware becomes more prevalent here in the United States, we definitely have our work cut out for us,” said Tom Dean, co-director of the Southwest Border Food Protection and Emergency Management Center.