Abstract
In the food industry, the level of awareness of the need for food defence strategies has accelerated in recent years, in particular, mitigating the threat of ransomware. During the Covid-19 pandemic there were a number of high-profile organised food defence attacks on the food industry using ransomware, leading to imperative questions over the extent of the sector’s vulnerability to cyber-attack. This paper explores food defence through the lens of contemporary ransomware attacks in order to frame the need for an effective ransomware defence strategy at organisational and industry level. Food defence strategies have historically focused on extortion and sabotage as threats, but often in terms of physical rather than cyber-related attacks. The globalisation, digitalisation and integration of food supply chains can increase the level of vulnerability to ransomware. Ransomware is an example of an organised food defence threat that can operationalise both extortion and sabotage, but the perpetrators are remote, non-visible and often anonymous. Organisations need to adopt an effective food defence strategy that reduces the risk of a ransomware attack and can enable targeted and swift action in the event an incident occurs. Further collaboration between government and the private sector is needed for the development of effective governance structures addressing the risk of ransomware attacks. The novelty of this article lies in analysing the issue of ransomware attacks from the perspective of the food sector and food defence strategy. This study is of potential interest to academics, policy makers and those working in the industry.
Introduction
The food and agricultural sector is one of the critical infrastructural sectors in the global economy. Food supply and associated assets, systems, and networks are vital to any country wherein their incapacitation or destruction would have a debilitating effect on security, the national economy, public health or safety, or any combination thereof. A cyber-attack at one step in the food supply chain can have an amplifying effect causing food production, processing and distribution to fail (Cartwright and Cartwright 2023). Being a victim of ransomware is a key concern of the emerging technological development of the food and agricultural sector across the world. Ransomware attacks intentionally or unintentionally targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the resilience of the food supply chain. Therefore, ransomware attacks can endanger food and nutrition security. The financial cost of ransomware attacks is increasing year on year.
Ransomware and phishing were the 2022 themes of the European Cyber Security Month, the European Union’s (EU’s) annual campaign promoting cyber-security. Ransomware, an emerging type of cyber-attack (Jarjoui et al. 2021), is a devastating weapon in the hands of cyber-criminals (Keshavarzi and Ghaffary 2023). Ransomware is a form of malicious software or malware that compromises data integrity, availability and confidentiality (Manning 2019) through denying access to data or computer systems, usually by encryption, and then a financial ransom is requested by the perpetrators from the victim to be payable to regain a fully functioning system or access to their data (Jelaš 2018). Sensitive data files can be exfiltrated before encryption occurs (FBI 2021a).
There have been multiple types of organisation that are ransomware targets including healthcare-related companies (e.g., regarding the implantable or ambulatory medical devices of patients), banking, credit, and financial organisations, educational institutions, producers and users of autonomous programmable vehicles (e.g., cars, drones, trains, ships, etc.) and food business operators (Oz et al. 2022). As food supply chains digitise for more efficient decisions based on rich-data analytics, the vulnerability to intentional disruption through ransomware and other forms of malicious attack becomes increasingly more of a concern (Etemadi et al. 2020).
From 2019 to 2020, the average ransom demand doubled, and the average cyber-insurance payout increased by 65% (FBI 2021a). The malicious software can be distributed via malicious links and email attachments (phishing), infected software applications, remote access software, external storage drives, or vulnerable websites (Jelaš 2018; Jarjoui et al. 2021). Payment is often requested in virtual currency through opaque payment channels such as bitcoin (Jelaš 2018; Humayun et al. 2021; Jarjoui et al. 2021), cryptocurrencies being a preferred mode of payment. Over half of the organisations that pay a ransom have gone on to have a further ransomware attack by either the same or different cyber-criminals (FBI 2021a). Furthermore, extraordinary circumstances with regard to either natural disasters accentuated by climate change, the Covid-19 pandemic, and/or the outbreak of war between Russia and Ukraine can create disruption benefiting ransomware authors and their ability to infect more victims. An increasing trend of remote working during the Covid-19 pandemic has also made many organisations more vulnerable to ransomware (Oz et al. 2022) as the home workplace paradigm can result in weaker cybersecurity controls. Using a case analysis approach, the aim of this critical review is to explore aspects of organised crime being linked to ransomware attacks on food supply chains and the development of appropriate food defence strategies. The research question this paper seeks to address is that given the recent increase in ransomware attacks on food supply chains how can the food industry reduce its vulnerability? The paper conceptualises aspects of an effective food defence strategy at organisational and industry level that can be adopted to reduce vulnerability to extortion and sabotage via ransomware and to support effective ransomware response plans. 
The contribution the paper makes is to consider the countermeasures that can be implemented and to differentiate between preventive, detective and corrective security controls, an approach which is currently missing from the food supply chain management literature.
The paper is structured as follows. Section 1 is the introduction, Sect. 2 considers the methodological approach used in this study, Sect. 3 draws together the food defence vocabulary that will be used in the paper, and Sect. 4 considers specific cases of ransomware attacks associated with the food supply chain (food, beverage, agriculture) using publicly available information. Section 5 synthesizes the aspects of ransomware attack focused food defence strategies and response plans and Sect. 6 concludes the paper.
Methodology
The methodological approach employed was a structured, iterative review of existing academic and grey literature using keywords to frame the conceptual research and the narrative (Kowalska and Manning 2021). Iterative literature review is grounded by a foundational literature search using a series of iterative searches. The foundational keywords were ransomware, cyber-attacks, food supply chain, food industry, food defence, vulnerability, and countermeasures. In undertaking the keyword searches for a given combination of terms the first 100 items in each search were considered for relevancy and any duplication. The following databases were explored: Science Direct, Google Scholar, and Google. All relevant papers were then collated and the titles and abstracts read. The papers were then read in full and screened for relevance and value in supporting a discursive narrative and argument on the theme(s) in this paper.
The extent and breadth of potential cyber-attacks is demonstrated in the literature examined, but in this review only one specific type is considered, ransomware, and more specifically case analysis of ransomware attacks through critiquing publicly available information. To give context in terms of the threats that can occur in food supply chains, malware (ransomware and worms) accounts for 38% of attacks, IoT-based attacks for 25%, DDoS for 19%, and code injection attacks (SQL injection, XSS), identity-based attacks (man in the middle) and phishing attacks for 6% each (Rani et al. 2023).
The second stage of the research adopted a case study approach to identify cases of ransomware attacks in the food industry that could provide storylines with explanatory power and contextualised understanding (Smith et al. 2023). The case study method is an accepted data analysis approach to explain complex links in real-life contexts and situations where a particular activity has occurred; describe that activity or interventions more clearly and any resultant outcomes (Fathurrahman et al. 2021; Yin 1993, 1994). The case analysis in this review has not been designed to be exhaustive, but to give an insight into the depth and breadth of ransomware attacks for which focused defence strategies and response plans should be developed.
Food defence
Food defence is the “methodology and countermeasures taken to prevent and mitigate the effects of intentional incidents and threats to the food chain” (Davidson et al. 2017, p. 54). PAS 96 (2017) differentiates, in the context of food defence, between four types of threat: malicious contamination, extortion, espionage, and cyber-crime. However, threats of ransomware encompass aspects of extortion, sabotage and cyber-crime. In terms of a food defence threat, it is appropriate and essential to revisit food defence plans and vulnerability assessments to ensure they effectively address ransomware and its potential consequences. Sabotage in this context is the actions that lead to deliberate damage, disruption, and destruction of both tangible assets, such as infrastructure, and intangible assets, including reputation or brand (Manning 2023).
There have been multiple examples of extortion attempts in food supply chains, especially those related to baby food (Brainard and Hunter 2016; Cooney et al. 2016; Rojas 2017; FSA 2019; Jurica et al. 2019; Manning 2019; 2023). Extortion attempts have used chemical agents such as cyanide (Smith 2016; Jurica et al. 2019); pesticides or insecticides (Dalziel 2009; Busta and Kennedy 2011); herbicides (Cooney et al. 2016; Dalziel 2009); or rodenticides, ricin and cleaning fluid (Brainard and Hunter 2016). Extortion is defined as the illegal activities or actions undertaken by the perpetrator(s) towards a person, persons, organisation or government to obtain something they value, e.g., money, assets, influence or impact, often using force, intimidation or threats (Manning 2019; 2023). In United States (US) law, extortion sits within a wider definition of racketeering (US Code 1961) where protection rackets, as a form of risk mitigation, are also examples of organised criminal activity. Food related racketeering implies, rather than a one-off extortion attempt by individuals, a more formalised criminal activity linked to organised crime. Lavorgna (2023) argues that it is important here to differentiate between profit driven forms of organised crime, including cybercrime, and state-organised cybercrime. For a wider exposition on types of food criminals see Manning et al. (2016). Extortion and racketeering within the agricultural sector have been previously studied (Rusev 2016), often associated with exploitative labour practices (Nayak and Manning 2021); land racketeering (Asiedu 2020); inputs and fertiliser distribution (Oyetoro et al. 2015; White et al. 2022); and what some have described as the ‘food mafia’ or agromafie (Manning et al. 2016; Fanizza and Omizzolo 2019; Rizzuti 2022; White et al. 2022).
Crime in this context can be seen as organised firstly in terms of the networks that are created for the implementation of criminal activities and the processing of the financial proceeds, and secondly organised in terms of the activities planned and implemented intentionally rather than as a responsive act.
Food defence threats
Food defence threats can be considered depending on whether they are firstly an internal or insider threat, and secondly an external threat. An insider threat can arise from an individual or group (the threat agent) who “exploits his/her position, credentials, or employment to achieve trusted access to the means, processes, equipment, material, location, facility, and/or target” so they can cause harm (FDA 2019, p.38). Examples of credible threat agents, i.e., groups or individuals who would seek to perpetrate a food defence crime, can be hacktivists, cybercriminals, disgruntled employees who intentionally give information to others (e.g. security codes, verification codes to give access to computer systems), domestic and international terrorists, organised crime organisations and networks, extortionists, saboteurs and other malevolent individuals/groups. Internal threat agents could include contractors and visitors who visit a business site, former and current employees, and individuals who work for suppliers (Baybutt 2002; Manning 2023). External threat agents are activists, cyber-criminals, ideological groups, extortionists or saboteurs or individuals seeking retribution who may instigate an attack (Baybutt 2002; Manning 2023). Cyber-criminal threat actors, in particular, “exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems” (FBI 2021a, p.1). An example of a ransomware attack that appeared to be a form of revenge attack was in 2021 when insurance giant AXA was hit by a ransomware attack within days of announcing it would stop providing cover for ransomware attacks in France (Woollacott 2021).
The threat target, the intended victim, can be an organisation, a government or a country. Examples in this paper include Dole plc, JBS among others. The threat can be direct i.e., the attack is directly aimed at the intended victim, or the agent may aim to affect both the direct target, and a number of indirect targets. For example, the organisation that is subject to a ransomware attack may be directly affected, and their logistical supply chain, and their production processes disabled (Latino and Menegoli 2022) as was shown in the Dole plc incident in 2023 (Jones 2023a). However, as a result of the attack there may be indirect effects such as market and public concern for immediate food security, retail stores may be unable to process digital payments, whole supply chains may shut down and consumers may be unable to purchase food products. Large organisations may be chosen as a threat target, because of their capacity to pay a larger ransom, or for the larger impact of any shut down of food supply chains, while small organisations, especially where they are moving from analogue methods to digitalising their processes, may be seen as more vulnerable because they may lack the awareness of the threat or the means to mitigate the risk i.e., they are a soft target (FBI 2021a).
Gazet (2010) states there are three stages to a ransomware attack: seeking or information gathering, extortion, and then financial claiming. Al-rimy et al. (2018) list some additional phases between the seeking phase and the extortion phase: the distribution phase, reconnaissance phase, the preparation phase, hijacking phase and then the extortion phase. Herrera Silva et al. (2019) alternatively position that there are four stages of a ransomware assault, i.e., infection, encryption, demand, and outcome (data is recovered, data is lost or data is made public). Matthijsse et al. (2023) define the steps as follows: the development and/or sale of the ransomware, gaining access, infection, encryption, extortion, cash-in, emancipation, money laundering and cash-out. Al-rimy et al. (2018, p.153) summarise that in:
- the distribution phase, the ransomware is prepared and sent via techniques such as email attachments or downloads into the target(s)’ system,
- the reconnaissance phase, the ransomware explores the target’s environment collating information “about devices, platform type, OS version and installed programmes;”
- the preparation phase, the ransomware looks for targets “resources such as user’s files, resources and accessibility functions” and readies the encryption key,
- the hijacking phase, the targeted resources are locked and/or encrypted, and then
- the extortion phase, a message is sent to the target together with payment instructions.
Matthijsse et al. (2023) focus on the post-payment phases of the money laundering through currencies such as bitcoin to other cryptocurrencies and currencies, sharing proceeds with affiliates.
Food defence attacks
The attack may be a single threat attack with no co-ordination with other activities and at a single point, process, organisation, critical service or level in the supply chain. Alternatively, a multiple threat attack has multiple instances and/or multiple points where the food defence attack is perpetrated (Manning 2019; 2023). In the context of cyberattacks this type of combined attack could involve multiple layers of attack often described as multi-extortion ransomware or multifaceted extortion which may include not only encrypting files, but also distributed denial of service (DDoS), file exfiltration or extension of ransom demands to other supply chain partners (Paloaltonetworks 2023). Double extortion, for example could include encrypting and exfiltrating files. Cyber-criminals can attack information technology (IT) and business activities linked to operational technology (OT) assets (FBI 2022a). Ransomware can target specific vulnerabilities such as legacy OT systems and equipment that lacks contemporary security features (Kapko 2022). Vulnerability is increased when OT is not sufficiently separated from IT such as through email systems where phishing attacks may occur (Demetrakakes 2022). This means that OT assets can be affected and compromised, irrespective of whether the initial target at the organisation was IT or OT (FBI 2021a).
Ransomware attacks can disrupt organisations and infrastructure, affecting energy security and logistics (Mahoney et al. 2022) and, as a result, the resilience of food systems. The adoption of the Internet of Things (IoT) in the food supply chain to promote real-time monitoring and field-to-fork traceability includes the use of interconnected sensors, testing equipment, associated hardware, software and decision support tools that support digitalisation, but it also creates greater vulnerability to a cyber-attack (Latino and Menegoli 2022). The challenge for digital, smart food supply chains in terms of their exposure to greater risk of cyber-attacks is gaining more recent attention in the literature (see Luque et al. 2017; Kandasamy et al. 2020); i.e., as digitalisation increases, the attack surface increases (FBI 2021a).
Drawing together information, or threat intelligence, about known food defence threats and previous incidents, threat agents, and their tactics, techniques and activities can reduce vulnerability (Muckin and Fitch 2019) and build resilience by improving preparedness (Wiśniewska 2015 and references therein).
Food defence vulnerability assessment and countermeasures
Food defence vulnerability assessment has previously focused on product adulteration and threats via the food product in terms of food fraud (van Ruth et al. 2017; Ruth et al. 2018; Yang et al. 2019; Manning and Soon 2019; Soon et al. 2019a; Yan et al. 2020; Song et al. 2021; Rezazade et al. 2022) and wider food defence threats (FDA 2019; Manning 2019; 2023) in order to ensure appropriate countermeasures are implemented to reduce the risk of food defence threats being realised or to reduce their public health or economic impact (Spink et al. 2015; Manning and Soon 2016; Manning 2019; 2023). Countermeasures are security measures that are adopted to reduce the likelihood of criminal opportunity in food supply chains (Spink et al. 2015). Countermeasures are designed and adopted to reduce the capability and opportunity for threat agents to be enacted (Manning 2019); and if they are enacted, to limit the impact of that action or actions (Mitenius et al. 2014). There is a multiplicity of descriptions of food defence countermeasures in the food industry which has been summarised in Table 1 with particular reference to examples that address ransomware attacks. This includes general/global countermeasures or specific, detective, preventive or corrective, hard or soft, passive (including proactive) or reactive, countermeasures often being hurdles or guardian related.
There are several food defence approaches applied in the food industry that consider concerns regarding cyber-security, e.g., Threat Assessment Critical Control Point (TACCP), the EU 5-point action plan, and CARVER + Shock. Davidson et al. (2017) link both methodology and countermeasures as aspects of food defence strategies. Furthermore, the four “A’s” of food defence (assess the risks, control/restrict access to selected areas, provide real-time alerts, and perform regular and random audits) have been promoted for building a proactive and comprehensive food defence programme (Manufacturing.net 2022). The term proactive has positive connotations and emphasizes the role of careful protocol design which is reviewed and updated on a regular basis.
Bendovschi (2015) identifies three types of cyber-security countermeasures: preventive security controls that help to prevent the realisation of a threat; detective security controls that have a role in identifying a particular threat and corrective security controls that are implemented in the situation that a threat attack occurs. These terms align with those found in Table 1. Voyiatzis et al. (2022) also argue that proactive countermeasures such as protocol design, can create systems that are inherently resistant to active attacks. Latino and Menegoli (2022) in their review of extant literature in the food and beverage industry consider potential vulnerabilities and the cyber-security countermeasures proposed to reduce the risk of a cyber-related food defence incident. Countermeasures can be focused on the asset or the risk, whereby applying the countermeasure should reduce risk of a ransomware attack, however the choice of countermeasure(s) is important as the incorrect countermeasures can expose the organization to greater risk (Sánchez-García et al. 2023). The next section of the paper considers ransomware in more detail and specific cases of ransomware attacks associated with the food supply chain (food, beverage, agriculture) using publicly available information and data.
Ransomware attacks associated with the food supply chain
Instances of cyber-attacks show that food, beverage and agriculture organisations who are victims of a ransomware attack experience loss of proprietary information, personally identifiable information, reputational damage, and significant financial loss from a failure in operations, loss of productivity (in part as a result of downtime or data recovery), remediation costs and the financial cost of a ransom, if paid (FBI 2021a). In this context, a cyber-attack is considered as an intentional action taken against hardware, software or data in computer systems or a network (Denning and Denning 2010). This section presents ransomware statistics and cases of ransomware attacks on food supply chains in order to demonstrate the seriousness of the problem identified and raise awareness among both private and public sector decision-makers on different aspects of ransomware defence in the food industry.
Ransomware statistics and trends
Data shows that the US is the key target of ransomware attacks across the world (Humayun et al. 2021). In 2021, cyber-security authorities in the US (the Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA)), Australia (the Australian Cyber Security Centre (ACSC)), and the United Kingdom (the United Kingdom’s National Cyber Security Centre (NCSC-UK)) noted an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally in food and agriculture and other critical infrastructure sectors like healthcare and public health (CISA 2022). According to information submitted to the FBI’s Internet Crime Complaint Centre (IC3), the top ransomware variant victimising the food and agricultural sector was CONTI (FBI 2021b). Ransomware statistics regarding the complaints and victim losses in the US released by the FBI’s IC3 over the period 2013–2021 have been collated (Fig. 1). The average ransomware loss attributable to complaints submitted to IC3 over the decade rose exponentially over the period (Fig. 1).
![figure 1](http://media.springernature.com/lw685/springer-static/image/art%3A10.1007%2Fs12117-023-09516-y/MediaObjects/12117_2023_9516_Fig1_HTML.png)
(Source: Own elaboration based on FBI 2022b)
Ransomware statistics regarding complaints and victim loss in the US released by the FBI’s IC3 over the period 2013–2021.
The FBI ransomware statistics include only information on complaints, so they give limited cross association with the number of ransomware attacks specifically. In 2021, the IC3 received 847,376 complaints from the American public (ca. 2,300 a day) including 3,729 complaints identified as ransomware. The number of complaints regarding ransomware incidents was up by 50.7% when compared with 2020. The 2021 analysis reported losses amounting to more than $49.2 million, which represents a 68.8% increase in losses from 2020. The value of the ransomware losses outlined here does not include estimates of lost business, wages, time, files, or equipment, or any third-party remediation services acquired by a victim.
Keshavarzi and Ghaffary (2023) estimated the number of global ransomware attacks and the associated financial costs confirming that despite a slight slowdown in the growth trend of the number of ransomware incidents in 2019, the number of these cyber-attacks once again increased in 2020. The approximate costs of damage associated with global ransomware rose exponentially over the period 2016–2020 (Fig. 2). The approximate costs of global ransomware incidents in 2020 increased by 74% over the previous year, amounting to 0.02% of world gross domestic product or GDP (IMF 2022).
Food and agricultural ransomware incidents
CISA has identified food and agriculture as one of 16 US critical infrastructure sectors, where 14 out of the 16 critical infrastructure sectors were reported as being compromised by ransomware in 2021 (FBI 2022a). The US food and agriculture infrastructure extends to 2.1 million farms, 935,000 food service outlets/restaurants and at least 200,000 production and processing facilities (Kapko 2022). The US has also been the leading global exporter of wheat over the past twenty years and one of the top 5 exporters of beef and veal preparations, sugar and syrups (FAOSTAT 2022). Hence, cyber-incidents or attacks in the US food and agriculture sector are likely to have a significant impact on food security both in the US, and for those countries that are net importers of food from the US. Vulnerability has also increased as the number of connected internet of things (IoT) devices in global supply chains has increased, believed to be 30.73 billion devices by the end of 2020 (Rani et al. 2023).
Likewise, cyber-incidents associated with other major global players in the agri-food market can affect food prices and food supply, and negatively affect food and nutrition security, particularly in low-income households. The rapidly growing number of ransomware attacks in the US in autumn 2021 and spring 2022 led the FBI to highlight that companies supplying seed and fertiliser may be seen as potential threat targets as they would be willing to pay a ransom because operations are so time critical (FBI 2022a).
More generally, the first known ransomware attack is reported to have occurred in 1989 with the AIDS Trojan (Kalaimannan et al. 2017). Denial of Resources (DoR) ransomware then followed. Over the next twenty-five years, ransomware became more sophisticated. From 2013 through to 2015, CryptoLocker and then CryptoWall is reputed to have led to cyber-criminals gaining $45 million from their victims (Choi et al. 2016). Crypto-ransomware encrypted files and later Locker-ransomware locked the system screen, but the data was not hacked so data could be recovered and moved to another functioning device (Chesti et al. 2020). The next level of ransomware that emerged attacked android devices until Petya emerged in 2016 which led to hardware being inaccessible (Chesti et al. 2020).
In May 2017, a variant of ransomware called WannaCry targeted individuals using Microsoft Windows systems affecting over 200,000 computers worldwide (Jones 2017). In June 2017, Petya infected systems in more than 2,000 companies, including the food industry with Mondelez in the US being affected by NotPetya (Keremidis et al. 2013; Latino and Menegoli 2022), when emails and files were unavailable and logistics software failed (Satariano and Perlroth 2019), affecting 1,700 servers and 24,000 laptops which were suddenly and permanently unusable and leading to total losses of around $100 million (Lubin 2022). Another source suggests Mondelez’s loss was $188 million, and the total global economic impact of this ransomware was as high as $10 billion (Greenberg 2018). In the same attack Maersk, a Danish shipping company, with a fifth of the entire world’s shipping capacity with its 76 ports around the world, 800 vessels and ten million tons of cargo was brought to a standstill, with overall losses of $300 million (Greenberg 2018). FedEx faced losses in the same attack of $400 million; and Merck, the pharmaceutical company, £800 million (Greenberg 2018; Taddeo 2019). The challenge with NotPetya was that even when a ransom was paid the data affected could not be recovered (Tatar et al. 2021). The vulnerability arose because cyber-criminals exploited a ‘back door’ through a previous attack on tax software called M.E.Doc wherein automatic updates through that software caused the malware to be transferred, almost instantaneously, to systems across the world (Tatar et al. 2021). In 2017 the NotPetya threat was linked to malfunction of freezers in the food industry that were connected to control systems (Rani et al. 2023). Refrigerators in the food industry were the point of attack for the Mirai malware in 2016 (Tushir et al. 2021); VPNFilter malware which performed DDoS attacks in 2018 (Sapalo Sicato et al. 2019), and the 2017 BrickerBot malware which disabled IoT devices including refrigerators (Rani et al. 2023).
Since 2017, ransomware attacks have increased in terms of their frequency and the level of sophistication, including ransomware as a service (RaaS) and the vulnerability is not wholly within the computer-based systems, but also other appliances that are connected to the internet (Chesti et al. 2020). RaaS is where groups can ‘facilitate ransomware attacks by selling or licencing malicious code’ to others who wish to attack nation states or large corporations with a view to claiming a ransom (Martin and Whelan 2023). In 2019, there was a wave of a ransomware attack in the US, where 90% of the Fortune 500 companies were affected by this malware (Humayun et al. 2021). The advent of the Covid-19 pandemic saw cyber-attacks on healthcare services and more widely e.g. phishing, malware and compromise of communication platforms (Lallie et al. 2021). Examples of cyber-attacks on the food supply chain have been chronologically collated in Table 2.
One attack of note during the Covid-19 pandemic concerned the world’s largest meat processing company, Brazilian-based JBS. The attack over the Memorial Day weekend in May 2021 (Demetrakakes 2022) shut down facilities in the US, Canada and Australia (CSIS nd). This led to major disruption as the US subsidiary processed around 20% of the country’s meat supply (Kapko 2022). The organised cyber-attack was attributed to the cyber-crime group Sodinokibi/REvil and was resolved within four days following payment of a ransom of US $11 million in bitcoin (Best 2022; Duncan et al. 2022). The temporary shutdown reduced the number of cattle and pigs slaughtered, leading to shortages in the US meat supply, and wholesale meat prices increased by 25% (FBI 2021b). JBS paid the ransom to mitigate damage to supply chain partners of a prolonged incident (Duncan et al. 2022). The attack also halted operations in forty-seven sites across Australia (Taylor 2021). The pork industry was hit again in autumn 2022 with the ransomware attack on Maple Leaf in Canada (Bedard 2023).
Providers of seeds, fertilisers, farm services and so on are often more likely to be attacked than the individual farms themselves. A significant disruption of the provision of agricultural inputs has cascading effects within the entire food supply chain, “from farm to fork”. Similarly, a disruption of the production of stable crops or the supply of water could adversely affect the whole food supply chain. The data collated in Table 2 show that ransomware attacks on food logistics companies are especially frequent. Such incidents communicated through the media threaten the image of the organisations and the food industry of the country attacked and adversely can affect trade relations with other countries.
The purpose of this section has been to demonstrate the vulnerability of the food industry to ransomware attacks and to demonstrate that the risk of an attack needs to be recognised by food organisations and effective surveillance and reactive defence protocols need to be in place. The drive in the upper world for greater digitalisation to improve efficiency and to drive better resource efficiency and to deliver system level strategies such as net zero also creates vulnerability to an underworld that is seeking to use these trends ‘for their own ends’ (Galeotti 2002). However, the interaction between the upper world in terms of state power, governments and business organisations and the underworld via organised crime has been described as a shadow state (Schmid 2018; Lavorgna 2023).
Ransomware attack focused defence strategies and response plans
This section of the paper considers ransomware attack focused defence strategies and response plans using the framing of Bendovschi (2015), namely preventive security controls that help to prevent the realisation of a threat, detective security controls that have a role in identifying a particular threat, and corrective security controls that are implemented in the event that an attack occurs. The first part of this section considers business orientated defence strategies and response plans, the second part wider regulation and governance issues.
Preventive security controls can be categorised as policies and practices and security measures (Table 3). Policies and practices adopted by organisations include recovery plans, and system design to segment and secure specific locations. There are multiple security measures that need to be adopted by organisations to reduce the risk of being victims of a cyber-attack or general ransomware attack (see Table 3). To increase the efficiency of the food defence strategy, its design and implementation should actively involve representatives of all departments of an organisation, including IT specialists, food technologists and operational staff, and key suppliers.
Organisational preventive security controls
The first and foremost reactive measure taken with a view to fighting a specific ransomware attack is reporting a suspicion of an attack in an organisation. Malik et al. (2022) state that, as it is nearly impossible to recover the data once encrypted, the best approach to limit the impact of a ransomware attack is to detect it at its initial stage and remove the threat before any damage is done. Proactively, this means developing a strategy to reduce the entry points through which attackers can gain access to the data. As highlighted previously in this paper, the embedding of technology within food manufacturing is a particular area where vulnerabilities can occur: IoT-enabled devices can be vulnerable to cyberattacks, which could compromise production processes and put privacy and sensitive data such as product recipes at risk (Soori et al. 2023). Thus, preventive security controls must be included in an organisation’s food defence plan. A food defence plan is a set of written documents that include a vulnerability assessment, defined food defence mitigation strategies, and protocols for food defence monitoring, corrective action, and verification (FDA 2019). In this context, food defence guardians monitor and protect food production systems in terms of food defence threats (Cohen and Felson 1979). Hurdles are either physical hurdles or structural assets (hard controls) that prevent a food defence threat, or procedures, protocols or policies (soft controls) (see Manning 2023 for a wider discussion).
Preventive security controls that prevent the realisation of a threat encompass soft controls such as policies and practices (Table 3) and security measures that can be both hard controls and soft controls, adopted as singular practices or multiple practices across one work activity or the whole organisation. It is crucial to be prepared for ransomware attacks and to back up data on a regular basis, as about 29% of organisations that have paid a ransom still could not recover more than half of their encrypted data (Winder 2023). Training all staff to raise awareness of the risks of suspicious links and attachments in emails and files, together with regular refresher updates, is another example of a preventive food defence soft control. Beaman et al. (2021) highlight that raising users’ awareness and educating them using information about ransomware attacks is important to reduce vulnerability. Other ransomware countermeasures include implementing password protocols, multi-step verification for logging onto systems, and developing protocols for remote access, use of wireless connections and file sharing. Further countermeasures are summarised in Table 3. Preventive security controls need to be continually reviewed because cyber-criminals seeking to extort money will evolve their strategies as organisational control measures evolve (Cartwright and Cartwright 2023).
Detective security controls
Detection methods are designed to provide active, agile protection against both known and unknown ransomware. In response to this challenge, McIntosh et al. (2021) propose a user-centric dynamic access control framework for detecting ransomware-like behaviours. Detective security controls encompass misuse detection, which relies on using signatures of known malware, and behavioural detection, which searches for the activities of ransomware (Al-rimy et al. 2018). Reshmi (2021, p.2) states that ransomware signatures are a form of fingerprint that can be used to detect an actual attack, but they can give false positives. The anomaly detection-based analysis “uses different metrics such as network traffic detection, abnormal process calls and other traffic detection for malicious activity identification.” Malik et al. (2022) suggest heuristic-based detection (e.g. machine learning models) should be adopted rather than relying on the previous signature-based detection methods. If detection systems generate a high number of false positives, a human is then required to manually review each of them to determine the level of accuracy (Beaman et al. 2021), but this is time consuming in a crisis situation.
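The contrast drawn above between signature-based (misuse) detection and behavioural detection, and the manual review burden created by false positives, is illustrated in the following added example, which is not code from this paper or from any of the cited studies. The event format, process names, hashes, file paths and thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Ground truth for the constructed sample, used only to score the detectors.
MALICIOUS = {"updater", "unknown_proc"}


def fake_hash(label: str) -> str:
    """Constructed stand-in for a process image hash (not a real indicator)."""
    return hashlib.sha256(label.encode()).hexdigest()


def pseudo_random(seed: str, n: int) -> bytes:
    """Deterministic high-entropy bytes, standing in for encrypted or compressed data."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:n]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for plain text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_hits(events, known_bad):
    """Misuse detection: flag processes whose image hash is a known signature."""
    return {ev["proc"] for ev in events if ev["image_sha256"] in known_bad}


def behavioural_hits(events, window_s=30, min_files=8, min_entropy=7.5):
    """Behavioural detection: flag a process that writes high-entropy content
    to at least min_files distinct files within any window_s-second window."""
    per_proc = defaultdict(list)
    for ev in events:
        if shannon_entropy(ev["sample"]) >= min_entropy:
            per_proc[ev["proc"]].append((ev["ts"], ev["path"]))
    flagged = set()
    for proc, writes in per_proc.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Shrink the window until it spans at most window_s seconds.
            while writes[end][0] - writes[start][0] > window_s:
                start += 1
            if len({path for _, path in writes[start:end + 1]}) >= min_files:
                flagged.add(proc)
                break
    return flagged


def build_sample_events():
    """Constructed file-write telemetry: two benign and two malicious processes."""
    text = b"batch=1042;temp_c=3.8;line=2\n" * 140
    events = []

    def add(ts, proc, image, path, sample):
        events.append({"ts": ts, "proc": proc, "image_sha256": fake_hash(image),
                       "path": path, "sample": sample})

    for i in range(3):   # ordinary business application writing text records
        add(i * 20, "erp_client", "erp", f"/data/orders/{i}.csv", text)
    # known malware image that has not started encrypting yet
    add(5, "updater", "known-bad-sample", "/tmp/stage.bin", text)
    for i in range(12):  # unseen variant overwriting documents with ciphertext
        add(100 + i * 2, "unknown_proc", "unseen-variant",
            f"/data/recipes/{i}.docx", pseudo_random(f"enc{i}", 4096))
    for i in range(10):  # legitimate backup job writing compressed archives
        add(200 + i * 3, "backup_agent", "backup",
            f"/backup/part{i}.zip", pseudo_random(f"zip{i}", 4096))
    return events


def evaluate():
    """Run both detectors over the sample and score them against ground truth."""
    events = build_sample_events()
    known_bad = {fake_hash("known-bad-sample")}
    sig = signature_hits(events, known_bad)
    beh = behavioural_hits(events)
    return {
        "signature": sig,
        "behavioural": beh,
        "missed_by_signature": MALICIOUS - sig,
        "false_positives": (sig | beh) - MALICIOUS,
    }


if __name__ == "__main__":
    for name, procs in evaluate().items():
        print(f"{name}: {sorted(procs)}")
```

In this sample, raising `min_files` above 10 or allow-listing the backup agent removes the false positive, at the cost of slower or narrower detection.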
Corrective security controls
Corrective security controls involve enacting a recovery plan with an incident response team identifying the critical functions and systems within the organisation and then developing alternative operations plan(s) should systems go offline. These need to be pretested to assure their efficacy. One challenge is that the recovery plan may need to be actioned across multiple sites in multiple locations and time zones, and between organisations where an attack can have a ‘spillover effect’ from one organisation to others (Cartwright and Cartwright 2023). Some government bodies recommend that victims do not pay the ransom because there is no guarantee that they will get access to the data or computer; the computer equipment, software, data or other property will still be infected; they will be paying criminal groups; and they are more likely to be targeted in the future (NCSC 2021). Based on interviews conducted among ransomware victims (organisations) and police officers from cybercrime units in the UK, Connolly and Borrion (2022) found that victims often perform a cost-benefit analysis before deciding whether to pay the ransom, and that their capability to pay, both financially and practically, is a major factor in the decision. Fear is a crucial motivating factor to pay the ransom. Perpetrators may threaten the victim with the risk of a General Data Protection Regulation (GDPR) fine. The findings of Connolly and Borrion (2022) show that there are “hard” and “soft” elements that play a role in the decision (not) to pay the ransom which relate to (1) financial considerations related to effectiveness, difficulty and cost of the recovery, reputational risk and potential fines (“hard”), and (2) lack of knowledge, poor advice, collusion, morality, feeling of responsibility, pressure, uncertainty and trust (“soft”). These are worthy of further study in developing ransomware defence strategies to combat organised cyber-criminal groups attacking the food supply chain.
Teichmann et al. (2023) suggest that incident response plans should follow a specific strategy: preparation, identification, containment, eradication, recovery, and learning. The incident plan needs to align strongly with a business continuity plan as part of an integrated cybersecurity strategy.
Wider governance and regulatory countermeasures
Ransomware has only been gaining prominence over the last decade as an active threat to organisations, supply chains and food supply chains in particular, so there is a concern that developments are outpacing the governance and control structures that are in place (Cartwright and Cartwright 2023). Ransomware attacks are a critical crypto-currency based crime (Teichmann et al. 2023). The diversity of organisations and the range of stakeholders in food supply chains, as well as their level of awareness of, and preparedness for, a ransomware attack mean that one vulnerability point, if attacked, can have a cascading effect in terms of impact (Gazzan and Sheldon 2023). Cartwright and Cartwright (2023, p.12) assert that supply chains need to be viewed holistically and not as individual organisations or activities when developing ransomware defence strategies, so an organisation may need to “actively invest in the cyber security of suppliers” to develop a network resilience strategy and a supply chain level approach to any organisation being prepared to pay a ransom. Further, establishing open ransomware libraries as a global public good could support organisations worldwide in developing threat prevention strategies. The challenge in embedding this approach is determining who would finance such a countermeasure and whether it should be underpinned by mandatory reporting of ransomware attacks under specific international law.
Governance frameworks to address the risk of ransomware attacks, whether they are enacted at the regulatory or supply chain level, need to address the integration of situational threat intelligence with the development of a risk assessment process (Gazzan and Sheldon 2023). Traditional food defence strategies are based on existing tools such as threat analysis critical control point (TACCP) or vulnerability analysis critical control point (VACCP) or SSAFE tools (Manning 2023). Whilst these are of value, they are not specific enough to address the threat of ransomware. Gazzan and Sheldon (2023) suggest the development of:
- an asset list (all hardware, software, data, digital and cloud services, and applications and also procedures, protocols and communication channels). The assets in the list should be ranked in terms of their importance to the organisation and their vulnerability to a cyber-attack, and the priority could vary in given situations or when new assets are utilised by the organisation, upstream with the supply base and downstream with a customer;
- a situational threat list (which includes all realistic threats against both data and devices such as new sensors, IoT technologies, data storage or processing activities and level of dependency on the data and devices), and
- a situational vulnerability list (which is a list that includes not only the assets that are potential targets but also operating conditions e.g. backup procedures and protocols, and the resources available) which in turn can inform the risk assessment.
Nation states, or their proxy actors, are increasingly being implicated in cyber-attacks against other nation states or critical infrastructure (Martin and Whelan 2023), from energy to civil infrastructure to food supply chains. Nation state engagement may vary between active involvement and collaboration, tacit encouragement or passive wilful blindness (Grabosky 2015; Martin and Whelan 2023). The challenge with seeking to combat state crime as an individual organisation is that there can be significantly powerful actors within a wider geopolitical environment who have access to a wealth of resources to support their activities, and they may be insulated from any intervention or prosecution. Whilst cyber-related situational awareness and risk assessment processes have been considered for energy infrastructure (Gaskova and Galperova 2023), there has been no application in food supply chains, a research gap worthy of addressing. The research question posed in this paper was: given the recent increase in ransomware attacks on food supply chains, how can the food industry reduce its vulnerability? One key step is the development of cyber situational awareness and cyber crime prevention tools that extend beyond current tools such as TACCP and VACCP in order to reduce the vulnerability of the food supply chain to ransomware attacks.
Concluding thoughts
The food and agricultural sector is a critical infrastructural sector in the global economy. Food supply and associated assets, systems, and networks are vital to any country wherein their incapacitation or destruction would have a debilitating effect on security, the national economy, public health or safety. Ransomware is a particular cause for concern. The disruption of food supply chains through the Covid-19 pandemic, the Russia-Ukraine war and the worsening of the global economy is conducive to the illegal activities of cyber-criminals and wider organised crime (Gradoń 2020; Aziani et al. 2021; Riccardi 2021; Rizzuti 2022). To prevent the financial impact and to assure food security, there is a need for effective approaches to prevent, detect and mitigate criminal activities associated with ransomware attacks within a wider food defence strategy. In terms of soft countermeasures, there is a key role for organisational protocols designed to prevent, detect and minimise the risk of ransomware incidents. Given the recent increase in ransomware attacks on food supply chains, or rather food supply chain networks, there is an urgent need to develop a governance framework to address the risk of ransomware attacks. Effective governance solutions require collaboration between government and the private sector. Both regulators and organisations should support the development of a food supply network resilience strategy. Setting up an open ransomware library under the rules of private international law could support governments and organisations worldwide in developing good governance structures that serve the industry and consumers.
Food defence strategies have historically focused on intentional acts such as extortion and sabotage as threats, but often in terms of physical rather than cyber-related attacks. Ransomware can operationalise both extortion and sabotage, but the perpetrators are remote, non-visible and often anonymous. The globalisation, automation and digitalisation of production systems, and the integration of food supply chains, increase the level of vulnerability to ransomware. Organisations need to adopt an effective food defence strategy that reduces the risk of a ransomware attack and can enable targeted and swift action in the event an incident occurs. Even if food defence strategies have usually been focused on protecting food products from being misrepresented, as shown in food fraud/defence literature, the countermeasures suggested can also reduce the risk of a ransomware attack (see Table 1). This issue could be discussed more broadly in future research. Surveying food business operators that have designed and implemented cybersecurity and food defence strategies, and the learnings derived, would be of value to numerous stakeholders. The integration of cyber-related situational awareness protocols with risk assessment processes would potentially reduce the vulnerability of the food industry to cyber-attacks.
The principal conclusions are that: (1) currently, an effective food defence strategy must address the risk of ransomware attacks, due in particular to the development of digitalisation within food supply chains; (2) accurate protocol design should create systems which are inherently resistant to cyber-attacks; (3) good functioning of an open ransomware library would provide support for governments and organisations, which must cooperate in creating a fair and safe market place. This review is of potential interest to academics, policy makers and those working in the industry who need to develop such strategies.
Data availability
Not applicable.
References
Al-rimy BAS, Maarof MA, Shaid SZM (2018) Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Computers & Security 74:144–166. https://doi.org/10.1016/j.cose.2018.01.001
Asiedu SB (2020) Securing Land transactions with biometric data in Ghana. Afr J Land Policy Geospatial Sci 3:96–109. https://doi.org/10.48346/IMIST.PRSM/ajlp-gs.v3i2.19885
Aziani A, Bertoni GA, Jofre M, Riccardi M (2021) COVID-19 and organized crime: strategies employed by criminal groups to increase their profits and power in the first months of the pandemic. Trends in Organized Crime 1–22. https://doi.org/10.1007/s12117-021-09434-x
Baybutt P (2002) Assessing risks from threats to process plants: threat and vulnerability analysis. Process Saf Prog 21:269–275. https://doi.org/10.1002/prs.680210403
BBC News (2022a) REvil ransomware gang arrested in Russia. https://www.bbc.co.uk/news/technology-59998925. Accessed 19 April 2022
BBC News (2022b) KP Snacks hack prompts crisp and nut supplies warning. https://www.bbc.co.uk/news/technology-60230077. Accessed 19 April 2022
Beaman C, Barkworth A, Akande TA, Hakak S, Khan MK (2021) Ransomware: recent advances, analysis, challenges and future research directions. Computers & Security 111:102490. https://doi.org/10.1016/j.cose.2021.102490
Bedard D (2023) Cyberattack a $23 million hit on Maple Leaf ledger. https://www.agcanada.com/daily/cyberattack-a-23-million-hit-on-maple-leaf-ledger. Accessed 12 August 2023
Bendovschi A (2015) Cyber-Attacks – Trends, Patterns and Security Countermeasures. Procedia Economics and Finance 28:24–31. https://doi.org/10.1016/S2212-5671(15)01077-1
Best D (2022) Frozen-food firm Apetito hit by cyber attack. https://www.just-food.com/news/frozen-food-firm-apetito-hit-by-cyber-attack/. Accessed 10 August 2022
Brainard J, Hunter PR (2016) Contextual factors among indiscriminate or large Attacks on food or water supplies, 1946–2015. Health Secur 14:19–28. https://doi.org/10.1089/hs.2015.0056
Busta FFF, Kennedy SP (2011) Defending the safety of the global food system from intentional contamination in a changing market. In: Hefnawy M (ed) Advances in Food Protection. NATO Science for Peace and Security Series A: Chemistry and Biology. Springer, Dordrecht, pp 119–135. https://doi.org/10.1007/978-94-007-1100-6_7
Byrne J (2020) Danish Agro dealing with aftermath of ransomware attack. https://www.feednavigator.com/Article/2020/05/12/Danish-Agro-dealing-with-aftermath-of-ransomware-attack. Accessed 14 August 2022
Cartwright A, Cartwright E (2023) The economics of ransomware Attacks on integrated supply chain networks. Digit Threats: Res Pract. https://doi.org/10.1145/3579647
Celdrán AH, Sánchez PMS, Castillo MA, Bovet G, Pérez MG, Stiller B (2022) Intelligent and behavioral-based detection of malware in IoT spectrum sensors. Int J Inf Secur. https://doi.org/10.1007/s10207-022-00602-w
Centre for Strategic and International Studies (CSIS) (nd) Significant Cyber Incidents. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents. Accessed 10 August 2022
Chesti IA, Humayun M, Sama NU, Jhanjhi NZ (2020) Evolution, mitigation, and prevention of ransomware. In: 2020 2nd International Conference on Computer and Information Sciences (ICCIS), October 2020. IEEE, pp 1–6
Choi KS, Scott TM, LeClair DP (2016) Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. Int J Forensic Sci Pathol 4:253–258. https://doi.org/10.19070/2332-287X-1600061
Cohen LE, Felson M (1979) Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review 44(4):588–608
Connolly AY, Borrion H (2022) Reducing Ransomware Crime: Analysis of Victims’ Payment Decisions. Computers & Security 119:102760. https://doi.org/10.1016/j.cose.2022.102760
Cooney TP, Varelis P, Bendall JG (2016) High-throughput quantification of Monofluoroacetate (1080) in milk as a response to an Extortion threat. J Food Prot 79:273–281. https://doi.org/10.4315/0362-028X.JFP-15-405
Crystal Valley (2021a) Important Notice. https://www.crystalvalley.coop/about-us/news/article/important-notice. Accessed 10 June 2022
Crystal Valley (2021b) Cyber-Attack update. https://www.crystalvalley.coop/about-us/news/article/cyber-attack-update. Accessed 10 June 2022
Dalziel GR (2009) Food Defense Incidents 1950–2008: A chronology and analysis of incidents involving the malicious contamination of the food supply chain. Report. Centre of Excellence for National Security (CENS). S Rajaratnam School of International Studies, Nanyang Technology University, Singapore. http://www.cold.org.gr/library/downloads/Docs/Food%20Defence%20Incidents.pdf. Accessed 10 June 2022
Davidson RK, Antunes W, Madslien EH, Belenguer J, Gerevini M, Perez TT, Prugger R (2017) From food defence to food supply chain integrity. Br Food J 119:52–66. https://doi.org/10.1108/BFJ-04-2016-0138
Demetrakakes P (2022) How Cybercriminals Break into Food and Beverage Plants. https://www.foodprocessing.com/articles/2022/cybercriminals-food-and-beverage-plants/. Accessed 9 August 2022
Denning PJ, Denning DE (2010) Discussing cyber attack. Communications of the ACM 53:29–31. https://dl.acm.org/doi/fullHtml/10.1145/1810891.1810904
Duncan S, Carneiro R, Braley J, Hersh M, Ramsey F, Murch R (2022) Cybersecurity: Beyond ransomware: securing the digital food chain. Food Australia 74:36–40
Eller D (2021) Iowa grain cooperative target of cyberattack by Russian-linked hacker. https://eu.desmoinesregister.com/story/money/agriculture/2021/09/20/russia-linked-cyberattack-blackmatter-ransomware-iowa-grain-cooperative/5788957001/. Accessed 10 June 2022
Etemadi N, Borbon YG, Strozzi F (2020) Blockchain technology for cybersecurity applications in the food supply chain: A systematic literature review. In: Proceedings of the XXIV Summer School “Francesco Turco”—Industrial Systems Engineering, Bergamo, Italy, pp 9–11
Fanizza F, Omizzolo M (2019) Caporalato. An authentic agromafia [Caporalato. Uma autêntica agromáfia]. Mimesis, Milan
FAOSTAT (2022) Crops and livestock products. https://www.fao.org/faostat/en/#data/TCL. Accessed 31 October 2022
Fathurrahman RN, Rukayadi Y, Fatimah UU, Jinap S, Abdul-Mutalib NA, Sanny M (2021) The performance of food safety management system in relation to the microbiological safety of salmon nigiri sushi: a multiple case study in a Japanese chain restaurant. Food Control 127:108111. https://doi.org/10.1016/j.foodcont.2021.108111
FDA (2019) Mitigation Strategies to Protect Food Against Intentional Adulteration: Guidance for Industry. U.S. Department of Health and Human Services Food and Drug Administration Center for Food Safety and Applied Nutrition March 2019. https://www.fda.gov/downloads/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/UCM611043.pdf. Accessed 22 July 2022
Federal Bureau of Investigation (FBI) (2021a) Private Industry Notification: Cyber Criminal Actors targeting the Food and Agriculture Sector with Ransomware Attacks. 1 September 2022. https://s3.documentcloud.org/documents/21053957/fbi-tlp-white-pin-cyber-criminal-actors-targeting-food-agriculture-sector-ansomware-attacks-9-1-21.pdf. Accessed 8 August 2022
Federal Bureau of Investigation (FBI) (2021b) Internet Crime Report 2021. https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf. Accessed 31 October 2022
Federal Bureau of Investigation (FBI) (2022a) Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons. Private Industry Notification. 20 April 2022. https://www.ic3.gov/Media/News/2022/220420-2.pdf. Accessed 8 August 2022
Federal Bureau of Investigation (FBI) (2022b) 2013–2021 IC3 Annual Report. https://www.ic3.gov/Home/AnnualReports?redirect=true. Accessed 16 November 2022
Frigobandeira (2022) Nota informativa sobre brecha de seguridad en sistemas informáticos de Frigoríficos Bandeira. https://www.frigobandeira.com/nota-informativa-sobre-brecha-de-seguridad-en-sistemas-informaticos-de-frigorificos-bandeira/. Accessed 1 October 2022
FSA (Food Standards Agency) (2019) “Heinz and Tesco recall 7 + months Heinz By Nature baby food jars because a product purchased from Tesco has been tampered with”. https://www.food.gov.uk/news-alerts/alert/fsa-prin-52-2019. Accessed 10 June 2022
Galeotti M (2002) Transnational organized crime: law enforcement as a global battlespace. Small Wars and Insurgencies 13(2):29–39. https://doi.org/10.1080/09592310208559179
Gaskova D, Galperova E (2023) Decision Support in the Analysis of Cyber Situational Awareness of Energy Facilities. Engineering Proceedings 33(1):31. https://doi.org/10.3390/engproc2023033031
Gazet A (2010) Comparative analysis of various ransomware virii. J Comput Virol Hacking Techniques 6:77–90. https://doi.org/10.1007/s11416-008-0092-2
Gazzan M, Sheldon FT (2023) Opportunities for early detection and prediction of Ransomware Attacks against Industrial Control systems. Future Internet 15(4):144. https://doi.org/10.3390/fi15040144
Grabosky P (2015) Organized Cybercrime and National Security. In: Smith R, Cheung R, Lau L (eds) Cybercrime risks and responses. Palgrave Macmillan, London, UK
Gradoń K (2020) Crime in the time of the Plague: fake news pandemic and the challenges to law-enforcement and intelligence community. Soc Register 4:133–148. https://doi.org/10.14746/sr.2020.4.2.10
Greenberg A (2018) The untold story of NotPetya, the most devastating cyberattack in history. Wired, 22 August. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. Accessed 10 August 2022
Herrera Silva JA, Barona López LI, Valdivieso Caraguay ÁL, Hernández-Álvarez M (2019) A survey on situational awareness of ransomware Attacks—detection and Prevention parameters. Remote Sens 11:1168. https://doi.org/10.3390/rs11101168
Hollis ME, Wilson JM (2014) Who are the guardians in product counterfeiting? A theoretical application of routine activities theory. Crime Prev Community Saf 16:169–188. https://doi.org/10.1057/cpcs.2014.6
Humayun M, Jhanjhi NZ, Alsayat A, Ponnusamy V (2021) Internet of things and ransomware: evolution, mitigation and prevention. Egypt Inf J 22:105–117. https://doi.org/10.1016/j.eij.2020.05.003
International Monetary Fund (IMF) (2022) World Economic Outlook Database: October 2022. https://www.imf.org/en/Publications/WEO/weo-database/2022/October. Accessed 11 November 2022
Jarjoui S, Murimi R, Murimi R (2021) Hold My Beer: A Case Study of how Ransomware Affected an Australian Beverage Company. In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), June 2021. IEEE, pp 1–6
Jelaš D (2018) Ransomware. 5. međunarodna konferencija, Inovacije, tehnologije, edukacija i menadžment, sv. Martin na Muri, Croatia, travanj 2018. Glavna tema: Inovacije, sigurnost i održivost u razvoju društva, svezak 2. Zbornik Radova. Međimursko veleučilište u Čakovcu, pp 85–90
Jones D (2023a) Dole incurs $10.5 M in direct costs from February ransomware attack. https://www.cybersecuritydive.com/news/dole-10m-costs-ransomware/650711/. Accessed 12 August 2023
Jones D (2023b) Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry. https://www.cybersecuritydive.com/news/ransomware-yum-brands-restaurant-cyber/640843/. Accessed 12 August 2023
Jones S (2017) Timeline: How the WannaCry cyber attack spread. https://www.ft.com/content/82b01aca-38b7-11e7-821a-6027b8a20f23. Accessed 22 August 2022
Jurica K, Vrdoljak J, Brčić Karačonji I (2019) Food defence systems as an answer to food Terrorism. Arh Hig Rada Toksikol 70:232–255. https://hrcak.srce.hr/229291
Kalaimannan E, John SK, DuBose T, Pinto A (2017) Influences on ransomware’s evolution and predictions for the future challenges. J Cyber Secur Technol 1:23–31. https://doi.org/10.1080/23742917.2016.1252191
Kandasamy K, Srinivas S, Achuthan K, Rangan VP (2020) IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process. EURASIP J Inform Secur 8. https://doi.org/10.1186/s13635-020-00111-0
Kapko M (2022) Food supplier cyber risk spreads 1 year after JBS attack. https://www.cybersecuritydive.com/news/food-supplier-cyber-risk-spreads-jbs/624800/. Accessed 8 August 2022
Keremidis H, Appel B, Menrath A, Tomuzia K, Normark M, Roffey R, Knutsson R (2013) Historical perspective on agroterrorism: lessons learned from 1945 to 2012. Biosecurity and Bioterrorism: Biodefense Strategy, Practice, and Science 11:S17–S24. https://doi.org/10.1089/bsp.2012.0080
Keshavarzi M, Ghaffary HR (2023) An ontology-driven framework for knowledge representation of digital Extortion Attacks. Comput Hum Behav 139:107520. https://doi.org/10.1016/j.chb.2022.107520
Kowalska A, Manning L (2021) Using the rapid alert system for food and feed: potential benefits and problems on data interpretation. Crit Rev Food Sci Nutr 61(6):906–919. https://doi.org/10.1080/10408398.2020.1747978
Kowalska A, Manning L (2022) Food Safety Governance and Guardianship: the role of the private Sector in addressing the EU Ethylene Oxide Incident. Foods 11:204. https://doi.org/10.3390/foods11020204
Lallie HS, Shepherd LA, Nurse JR, Erola A, Epiphaniou G, Maple C, Bellekens X (2021) Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security 105:102248. https://doi.org/10.1016/j.cose.2021.102248
Latino ME, Menegoli M (2022) Cybersecurity in the food and beverage industry: a reference framework. Comput Ind 141:103702. https://doi.org/10.1016/j.compind.2022.103702
Lavorgna A (2023) Unpacking the political-criminal nexus in state-cybercrimes: a macro-level typology. Trends in Organized Crime. https://doi.org/10.1007/s12117-023-09486-1
Läderach (2022) Läderach affected by cyber attack. https://laderach.com/ch-fr/blog/post/laderach-affected-by-cyber-attack. Accessed 1 October 2022
Lubin A (2022) Public policy and the insurability of cyber risk. J Law Technol Tex 5:45. https://doi.org/10.2139/ssrn.3452833
Luque A, Peralta ME, De Las Heras A, Córdoba A (2017) State of the industry 4.0 in the andalusian food sector. Procedia Manuf 13:1199–1205. https://doi.org/10.1016/j.promfg.2017.09.195
Lyngaas S (2023) Cyberattack on food giant Dole temporarily shuts down North America production, company memo says. https://edition.cnn.com/2023/02/22/business/dole-cyberattack/index.html. Accessed 21 August 2023
Mahoney E, Golan M, Kurth M, Trump BD, Linkov I (2022) Resilience-by-design and resilience-by-intervention in supply chains for remote and indigenous communities. Nat Commun 13:1–5. https://doi.org/10.1038/s41467-022-28734-6
Malik S, Shanmugam B, Kannorpatti K, Azam S (2022) Critical feature selection for machine learning approaches to detect Ransomware. Int J Comput Digit Syst 11:1167–1176. https://doi.org/10.12785/ijcds/110195
Manning L (2019) Food defence: Refining the taxonomy of food defence threats. Trends Food Sci Technol 85:107–115. https://doi.org/10.1016/j.tifs.2019.01.008
Manning L (2023) Food defence: types of threat, defence plans and mitigation strategies. In: Knowles ME, Anelich LE, Boobis AR, Popping B (eds) Present Knowledge in Food Safety: A Risk-Based Approach Through the Food Chain. Academic Press, pp 536–551
Manning L, Smith R, Soon JM (2016) Developing an organizational typology of criminals in the meat supply chain. Food Policy 59:44–54. https://doi.org/10.1016/j.foodpol.2015.12.003
Manning L, Soon JM (2019) Food Fraud vulnerability assessment: Reliable data sources and effective assessment approaches. Trends Food Sci Technol 91:159–168. https://doi.org/10.1016/j.tifs.2019.07.007
Manufacturing.net (2022) Food Defense Strategies: Four Ways to Proactively Protect Your Brand. https://www.manufacturing.net/home/whitepaper/13190720/food-defense-strategies-four-ways-to-proactively-protect-your-brand. Accessed 12 November 2022
Martin J, Whelan C (2023) Ransomware through the lens of state crime. State Crime Journal 12(1):4–28
Matthijsse SR, van ’t Hoff-de Goede M, Leukfeldt ER (2023) Your files have been encrypted: a crime script analysis of ransomware Attacks. Trends in Organized Crime 1–27. https://doi.org/10.1007/s12117-023-09496-z
McIntosh T, Kayes ASM, Chen Y-PP, Ng A, Watters P (2021) Dynamic user-centric access control for detection of ransomware attacks. Computers & Security 111:102461. https://doi.org/10.1016/j.cose.2021.102461
Mitenius N, Kennedy SP, Busta FF (2014) Food Defense. In: Motarjemi Y, Lelieveld H (eds) Food Safety Management. Academic Press, San Diego, pp 937–958
Morgan S (2020) Cybercrime to cost the world $10.5 trillion annually by 2025. Cybersecurity Ventures. https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/. Accessed 15 November 2022
Muncaster P (2021) Food Shortages at Dutch Supermarkets After Ransomware Outage. https://www.infosecurity-magazine.com/news/food-shortages-dutch-supermarkets/. Accessed 14 August 2022
National Cyber Security Centre (NCSC) (2021) Ransomware - prevention and recovery. https://www.ncsc.gov.uk/static-assets/documents/Ransomware%20prevention%20and%20recovery.pdf. Accessed 31 October 2022
National Cyber Security Centre (NCSC) (2022) 7 Tips on how to break the ransomware attack chain. https://cybersecuritymonth.eu/countries/ireland/7-tips-on-how-to-break-the-ransomware-attack-chain. Accessed 21 October 2022
Nayak R, Manning L (2021) Forgotten children: a socio-technical systems analysis of the 2004 and 2015 forced child labour reports from Indian cottonseed farms. Trends in Organized Crime 1–32. https://doi.org/10.1007/s12117-021-09426-x
Oyetoro JO, Rahman SB, Oladipom SO, Jolayemi JO (2015) Crop farmers’ perception of growth enhancement scheme in curbing corruption in inorganic fertiliser delivery in Odeda local government area of Ogun State Nigeria. Nigerian J Rural Sociol 16:50–54. https://doi.org/10.22004/ag.econ.287449
Oz H, Aris A, Levi A, Selcuk Uluagac A (2022) A Survey on Ransomware: evolution, taxonomy, and Defense Solutions. ACM-CSUR 54:238. https://doi.org/10.1145/3514229
Paloaltonetworks (2023) What is Multi-Extortion Ransomware? https://www.paloaltonetworks.com/cyberpedia/what-is-multi-extortion-ransomware. Accessed 13 August 2023
PAS 96 (2017) Guide to protecting and defending food and drink from deliberate Attack. BSI, London
Perrett M (2022) International criminal cyber attack hits Wiltshire Farm Foods and Apetito. https://www.foodmanufacture.co.uk/Article/2022/06/29/What-impact-has-the-cyber-attack-had-on-Wiltshire-Farm-Foods. Accessed 10 August 2022
Rani IB, Ewards SV, Palmer GM, Kathrine GJW (2023) Detection of Cyber-attacks in Food Industry using Multi-Layer Perceptron and Convolution Neural Network. In: 2023 International Conference on Sustainable Computing and Smart Systems (ICSCSS). IEEE, pp 1405–1409
Reshmi TR (2021) Information security breaches due to ransomware attacks-a systematic literature review. Int J Inform Manage Data Insights 1:100013. https://doi.org/10.1016/j.jjimei.2021.100013
Reynald DM (2009) Guardianship in action: developing a new tool for measurement. Crime Prev Community Saf 1:1–20. https://doi.org/10.1057/cpcs.2008.19
Rezazade F, Summers J, Teik DOL (2022) A holistic approach to food Fraud vulnerability assessment. Food Control 131:108440. https://doi.org/10.1016/j.foodcont.2021.108440
Riccardi M (2021) Organised crime infiltration of the COVID-19 economy. Eur Law Enforc Res Bull 5:33–43. https://doi.org/10.7725/eulerb.v0iSCE%205.488
Ridler G (2022) Future factory: Protecting the plant from cyber-criminals. https://www.foodmanufacture.co.uk/Article/2022/05/04/How-can-food-manufacturers-tackle-the-threat-of-cyber-crime#. Accessed 10 August 2022
Rizzuti A (2022) Organised food crime: an analysis of the involvements of organised crime groups in the food sector in England and Italy. Crime Law and Social Change 78:463–482. https://doi.org/10.1007/s10611-021-09975-w
Rojas N (2017) Man puts lethal poison into baby food to blackmail supermarkets in €10 million extortion plot. https://www.ibtimes.co.uk/man-puts-lethal-poison-into-baby-food-blackmail-supermarkets-10m-extortion-plot-1641233. Accessed 10 June 2022
Ruel C (2022) KP snacks supply chain crunches to a halt after ransomware attack. https://www.insurancetimes.co.uk/news/kp-snacks-supply-chain-crunches-to-halt-after-ransomware-attack/1440238.article. Accessed 19 April 2022
Rusev A (2016) Extortion Racketeering in the agricultural sector. CSD Rep 33:25–42
Saeed F, Gazem N, Patnaik S, Balaid ASS, Mohammed F (eds) (2018) Recent Trends in Information and Communication Technology: Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017) (Vol. 5). Springer
Sapalo Sicato JC, Sharma PK, Loia V, Park JH (2019) VPNFilter malware analysis on cyber threat in smart home network. Appl Sci 9(13):2763. https://doi.org/10.3390/app9132763
Satariano A, Perlroth N (2019) Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong. The New York Times. April 15, 2019
Schmid AP (2018) Revisiting the relationship between international Terrorism and transnational organised crime 22 years later. International Centre for Counter-Terrorism, Hague
Smith L (2016) £2 million blackmail plotter claimed he had laced supermarket food with cyanide. https://www.mirror.co.uk/news/trials/2million-blackmail-plotter-claimed-laced-8751269. Accessed 10 June 2022
Smith R, Manning L, McElwee G (2023) Using script and textual analysis and close readings of media reports to analyse ‘So-called Food-Fraud scandals’. https://doi.org/10.1007/s10611-021-10000-3. Sage Research Methods Business Cases P.1–24
Sánchez-García ID, Gilabert TSF, Calvo-Manzano JA (2023) Countermeasures and their taxonomies for risk treatment in cybersecurity: a systematic mapping review. Computers & Security 128:103170. https://doi.org/10.1016/j.cose.2023.103170
Song H, Lu B, Ye C, Li J, Zhu Z, Zheng L (2021) Fraud vulnerability quantitative assessment of Wuchang rice industrial chain in China based on AHP-EWM and ANN methods. Food Res Int 140:109805. https://doi.org/10.1016/j.foodres.2020.109805
Soon JM, Krzyzaniak SC, Shuttlewood Z, Smith M, Jack L (2019a) Food Fraud vulnerability assessment tools used in food industry. Food Control 101:225–232. https://doi.org/10.1016/j.foodcont.2019.03.002
Soon JM, Manning L, Smith R (2019b) Advancing understanding of pinchpoints and crime prevention in the food supply chain. Crime Prev Community Saf 21:1–19. https://doi.org/10.1057/s41300-019-00059-5
Soori M, Arezoo B, Dastres R (2023) Internet of things for smart factories in industry 4.0, a review. Internet of Things and Cyber-Physical Systems 3:192–204. https://doi.org/10.1016/j.iotcps.2023.04.006
Spink J, Chen W, Zhang G, Speier-Pero C (2019) Introducing the Food Fraud Prevention Cycle (FFPC): a dynamic Information Management and Strategic Roadmap. Food Control 105:233–241. https://doi.org/10.1016/j.foodcont.2019.06.002
Spink J, Moyer DC (2011) Defining the public health threat of food Fraud. J Food Sci 76:R157–R163. https://doi.org/10.1111/j.1750-3841.2011.02417.x
Spink J, Moyer DC, Park H, Wu Y, Fersht V, Shao B, Hong M, Paek SY, Edelev D (2015) Introduction to Food Fraud including translation and interpretation to Russian, Korean and Chinese languages. Food Chem 189:102–107. https://doi.org/10.1016/j.foodchem.2014.09.106
Taddeo M (2019) Three ethical challenges of applications of artificial intelligence in cybersecurity. Mind Mach 29:187–191. https://doi.org/10.1007/s11023-019-09504-8
Tatar U, Nussbaum B, Gokce Y, Keskin OF (2021) Digital force majeure: the Mondelez case, insurance, and the (un)certainty of attribution in cyberattacks. Bus Horiz 64:775–785. https://doi.org/10.1016/j.bushor.2021.07.013
Taylor J (2021) Cyber-attack on JBS, world’s largest meatworks, temporarily shuts Australian operations. https://www.theguardian.com/australia-news/2021/jun/02/cyber-attack-on-jbs-worlds-largest-meatworks-temporarily-shuts-australian-operations. Accessed 20 November 2022
Teichmann F, Boticiu SR, Sergi BS (2023) The evolution of ransomware Attacks in light of recent cyber threats. How can geopolitical conflicts influence the cyber climate? Int Cybersecur Law Rev 4:259–280. https://doi.org/10.1365/s43439-023-00095-w
Tushir B, Sehgal H, Nair R, Dezfouli B, Liu Y (2021) The Impact of DoS Attacks on Resource-constrained IoT Devices: A Study on the Mirai Attack. arXiv preprint arXiv:2104.09041
US Code (1961) Title 18. Part 1. Chapter 96. https://www.law.cornell.edu/uscode/text/18/1961. Accessed 12 August 2022
van Ruth SM, Huisman W, Luning PA (2017) Food Fraud vulnerability and its key factors. Trends Food Sci Technol 67:70–75. https://doi.org/10.1016/j.tifs.2017.06.017
van Ruth SM, Luning PA, Silvis ICJ, Yang Y, Huisman W (2018) Differences in Fraud vulnerability in various food supply chains and their tiers. Food Control 84:375–381. https://doi.org/10.1016/j.foodcont.2017.08.020
Voyiatzis AG, Serpanos DN (2022) Active hardware attacks and proactive countermeasures. In: Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications, pp 361–366. https://doi.org/10.1109/ISCC.2002.1021702
White B, Graham C, Savitri L (2022) Agrarian movements and rural Populism in Indonesia. J Agrarian Change e12506. https://doi.org/10.1111/joac.12506
Winder D (2023) The Sobering Truth About Ransomware - For The 80% Who Paid Up. https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up/. Accessed 1 November 2023
Wiśniewska MZ (2015) HACCP-based food defense systems. J Manage Finance 13:106–119
Woollacott E (2021) AXA ransomware Attack comes just days after insurer pulled coverage for cyber-attack class in France. Accessed 13 August 2023
Yang Y, Huisman W, Hettinga KA, Liu N, Heck J, Schrijver GH, Gaiardoni L, van Ruth SM (2019) Fraud vulnerability in the Dutch milk supply chain: assessments of farmers, processors and retailers. Food Control 95:308–317. https://doi.org/10.1016/j.foodcont.2018.08.019
Yan J, Erasmus SW, Toro MA, Huang H, van Ruth SM (2020) Food Fraud: assessing Fraud vulnerability in the extra virgin olive oil supply chain. Food Control 111:107081. https://doi.org/10.1016/j.foodcont.2019.107081
Yin RK (1993) Applications of case study research. SAGE Publications, Newbury Park, CA
Yin RK (1994) Case study research: design and methods. Sage, Thousand Oaks, CA
Acknowledgements
Not applicable.
Funding
Not applicable.
Author information
Contributions
The authors were equally involved in conceptualization, methodology, investigation, writing, original draft preparation, review, and editing.
Ethics declarations
Ethical approval
This study involves an analysis of published reports. The Maria Curie-Skłodowska University in Lublin, Poland has confirmed that no ethical approval is required.
Informed consent
The research did not involve direct/indirect contact with human/animal participants. Document analyses were carried out in this study and hence, there was no requirement for Informed Consent.
Competing interests
The authors certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honoraria; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships or affiliations) in the subject matter or materials discussed in this manuscript.
Authors’ information
Prof. Louise Manning is an academic researcher, writer, communicator, and educator whose research is focused on the critical issues in society, food and farming including sustainability, resilience, agri-food technology, values, integrity and trust. She has had over 100 papers published in peer-reviewed journals and has written and published many books for a range of audiences.
Dr hab. Aleksandra Kowalska, prof. UMCS is an academic researcher and lecturer whose research interests are in food integrity, the role of rapid alert systems and information technology in data exchange along the food supply chain, sustainable food systems, food security issues and consumer behaviour studies. She has published several dozen articles in peer-reviewed journals, authored numerous book chapters and written two books in the area of food integrity and sustainable economy.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Manning, L., Kowalska, A. The threat of ransomware in the food supply chain: a challenge for food defence. Trends Organ Crim (2023). https://doi.org/10.1007/s12117-023-09516-y
DOI: https://doi.org/10.1007/s12117-023-09516-y