Cyber threats from food suppliers persist a year after the JBS attack

In the past year, the food and agriculture sector has become a prime target for cyberattacks, with ransomware attacks causing significant disruptions to supply chains. One such incident occurred in March 2025, when an agricultural cooperative in Åland, Finland, was attacked, causing operations to halt in the food supply chain.

Last fall, threat actors launched ransomware attacks against six grain cooperatives, potentially disrupting the supply of seeds and fertilizers. The world's largest meat supplier, JBS USA, also suffered a ransomware attack in late May 2021, temporarily shutting down its slaughter plants and meat processing facilities in North America and Australia.

The increased digital transformation in the food and agriculture sector has exposed operational technology (OT) assets to a host of new cyberthreats. Much of the machinery in this sector runs on legacy OT that was never designed to be connected to the internet. This, combined with the consolidation and concentration of companies responsible for the global food supply, presents another unique point of risk.

With so many potential OT entry points, attackers don't even need to transit the IT/OT boundary to wreak havoc. The global food supply crunch has been exacerbated by other factors, including Russia's invasion of Ukraine and macroeconomic factors such as grain shortages, climate change, and high inflation rates.

The food and agriculture sector is considered one of the 16 U.S. critical infrastructure sectors by the Cybersecurity and Infrastructure Security Agency (CISA). Food and agriculture businesses rely on a broad ecosystem that requires extensive information sharing among farmers, transportation companies, processors, and distributors. This ecosystem includes a vast pool of third-party automation vendors that maintain site-to-site access into the OT environment.

Recently, the FBI warned food and agriculture cooperatives could be prime targets during critical planting and harvest seasons. Just 16 days after the FBI warning, agricultural machinery producer AGCO was hit with a ransomware attack. The global food price index has soared almost 30% in the past year, according to the United Nations.

Katell Thielemann, research VP at Gartner, stated that food and agriculture seems to be on a few people's radars in a way that hasn't been seen before. She also warned that a coordinated attack on food and agriculture could lead to empty shelves nationwide in under a week.

In the case of the JBS USA attack, the company paid $11 million in ransom to cybercriminals a week after discovering the incursion. Most security teams in the food and agriculture sector are still cataloguing assets and identifying connected systems with the greatest exposure.

As the world grapples with the challenges of feeding a growing population, the threat of ransomware attacks on the food and agriculture sector cannot be ignored. It is crucial for organisations in this sector to prioritise cybersecurity measures to protect their operations and the global food supply.