The food and agriculture sector has seen a dramatic rise in ransomware attacks, with incidents doubling in the first quarter of 2025 compared to the same period last year. According to Jonathan Braley, director of the Food and Ag-ISAC, 84 attacks were recorded in just three months, marking a 100% increase1. This surge highlights critical vulnerabilities in industrial control systems (ICS) and supply chain dependencies, making the industry a prime target for threat actors like Clop, Akira, and RansomHub2.
Key Attack Trends and Threat Actors
The majority of attacks exploit outdated ICS, which lack modern security controls. A report from the Food and Ag-ISAC indicates that 53% of incidents involved legacy systems, often running unpatched file-sharing software like Cleo2. Clop, a prominent ransomware group, has been particularly active, leveraging vulnerabilities in these tools to gain initial access. Other groups, such as Akira and RansomHub, have adopted similar tactics, focusing on credential theft and lateral movement within compromised networks.
High-profile victims include a South African poultry producer, which suffered $1 million in losses due to operational disruptions, and a Siberian dairy plant forced to halt production3. These incidents underscore the financial and operational risks posed by ransomware, especially in industries reliant on just-in-time delivery models.
Mitigation Strategies for Critical Infrastructure
To counter the rising threat, organizations are advised to prioritize patch management, particularly for file-sharing and ICS software. The Food and Ag-ISAC recommends immediate updates and cross-sector threat intelligence sharing to identify emerging attack patterns1. Employee training is also critical, as phishing remains a common entry point for ransomware.
Network segmentation and continuous monitoring can help detect anomalous activity early. For example, deploying endpoint detection and response (EDR) solutions with behavioral analysis capabilities may flag ransomware encryption attempts before they spread. Additionally, maintaining offline backups ensures recovery options even if systems are compromised.
Global Context and Future Outlook
While overall ransomware attacks declined by 32% in March 2025, the food and agriculture sector remained a top target4. This divergence suggests threat actors are shifting focus to industries with high disruption potential and weaker defenses. As ransomware-as-a-service (RaaS) models proliferate, smaller groups may increasingly target the sector, amplifying the need for proactive defenses.
The surge in attacks underscores the importance of securing critical infrastructure. Without significant improvements in ICS security and supply chain resilience, the food and agriculture industry will likely face continued threats in 2025 and beyond.
References
- “Ransomware Attacks on Food & Agriculture Industry Surge 100% – 84 Attacks in Just 3 Months,” GBHackers, May 6, 2025.
- “Ransomware attacks on food and agriculture double in 2025,” The Record, May 2, 2025.
- “Food and agriculture face ransomware attack surge,” SC World, May 5, 2025.
- “Ransomware falls sharply in March,” NCC Group via Infosecurity Magazine, 2025.
