The food and agriculture industry is facing a dramatic escalation in ransomware attacks, with the first quarter of 2025 witnessing 84 incidents-more than double the figures seen during the same period last year.
The alarming trend was highlighted at the RSA Conference, where Jonathan Braley, director of the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC), urged greater transparency and collaboration to counter the growing threat landscape.
Despite the visible spike in cyberattacks, Braley emphasized a continuing lack of visibility into the true scope of the problem.
Many organizations, he noted, still refrain from publicly disclosing incidents or sharing technical details of the attacks and remediation strategies.
“A lot of it never gets reported, so a ransomware attack happens and we never get the full details,” Braley told Recorded Future News.
He further stressed that broader industry cooperation, including sharing of attack vectors and recovery techniques, is critical to building collective resilience.
According to the report, the uptick in ransomware activity became evident in the last quarter of 2024 and has persisted into 2025.
In January, the sector saw 31 attacks, which increased to 35 in February before dipping to 18 in March.
These numbers, sourced from a combination of open-source threat intelligence, dark web monitoring, and contributions from industry members and fellow ISACs, indicate that the sector remains a persistent target for cybercriminals.
While the notorious Clop ransomware group was responsible for a significant portion of the surge, exploiting a widely used file-sharing service, Braley pointed out that even after excluding Clop-related incidents, other groups such as RansomHub and Akira continue to attack the sector relentlessly.
High-profile cases in recent months included a March attack on South Africa’s largest chicken producer, which incurred losses exceeding $1 million, as well as a breach at the largest dairy processing facility in southern Siberia-both underscoring the operational and financial ramifications of these attacks.
Sector-Specific Challenges Amplify Risk
Experts attribute the industry’s heightened exposure to ransomware to a reliance on legacy equipment and industrial control systems, which often lack modern security safeguards and are more difficult to patch or upgrade.
The sector’s dependence on tight supply chains and just-in-time delivery models further increases its attractiveness as a ransomware target, as even brief operational disruptions can have significant downstream impacts.
“The combination of older technology and highly time-sensitive operations makes food and agriculture companies prime targets,” said Braley.
The report further notes that ransomware now accounts for 53% of all known cyber incidents in the food and agriculture sector, highlighting the particular dominance of extortion-driven attacks compared to other threat types.
The Food and Ag-ISAC’s findings underscore the urgent need for improved information sharing, industry coordination, and investment in cybersecurity controls tailored to the sector’s unique operational landscape.
Braley called for more openness about attack techniques and incident remediation processes, arguing that such transparency is vital to bolstering defenses across the entire supply chain.
With ransomware gangs maintaining relentless pressure and the threat landscape continuing to evolve, stakeholders across the food and agriculture ecosystem are being urged to prioritize cyber risk management, modernize legacy infrastructure, and participate in collaborative threat intelligence efforts to mitigate the impact of future attacks.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
