Cyber attacks on the rise but this one has a twist: Activists demand public apology, not money
GUELPH — A Southwestern Ontario hog farm recently fended off a ransomware attack from animal-activist computer hackers who demanded not money but a false confession.
The owners of the small family operation, a two-hour drive from Guelph, were instructed to publicly admit to abusing their livestock or the hackers would release the video evidence acquired from the farm’s security cameras.
But it was a bluff. The ideologically-motivated cyber criminals didn’t have any incriminating footage and never compromised the farm’s surveillance systems in the first place. However, the culprits did lock down the farm’s business computer after infecting it with a common virus-like ransomware program,
The unnamed hog farm didn’t comply and called the University of Guelph’s Cyber Science Lab, which offers a paid service to farmers and other businesses. Ali Dehghantanha, Canada research chair in cybersecurity and threat intelligence at the lab, says his team has handled more than 20 ransomware cases at Ontario businesses so far this year, including attacks on food companies and other farms. While all of those other cases involved the usual demand for money, the hog farm case was the first time that Dehghantanha had seen ransomware used to extort something other than money.
The attackers were not sophisticated and used an older version of the ransomware code that anyone can download, he observed. “But the significance is that you are now dealing with a new threat vector that has not been seen before, and that these activists trained themselves on this topic. Especially in the livestock industry, this could become a significant threat.”
Ransomware extortionists are hard enough to catch as it is, but they at least create a bit of digital trail if they collect money from their victims. That’s not the case with bad actors who are simply out to disrupt a working farm. “They have nothing to lose, there is no money transferred, you are not going to be detected, and you can cause damage,” Dehghantanha said.
Police were not called in this case. OPP spokesperson Bill Dickson told Farmers Forum that the cyber crime team will not investigate unless the farmer files a complaint. Even if there is no demand for money, the attack was still illegal, he said. “Ransomware is a crime, no matter the motivation.”
The farm’s business computer, according to Dehghantanha, was infected by the ransomware program after someone at the farm clicked on a bad Internet link, possibly contained in an email. They weren’t even using the farm’s business computer at the time. The user was on a separate computer connected to a personal wireless network serving the farm residence, which was connected to the farm’s business computer and the malicious code spread from there. He advised that business and personal computers should be kept entirely separate.
His team easily removed the hackers’ threat that appeared on the computer screen and deleted the outdated ransomware from the infected machine that locked out all users.
Locking down the computer is the usual leverage that attackers gain when trying to extort money. They hold the machine at ransom until they are paid. But in another farm case, Dehghantanha dealt with hackers who also claimed the ability to remotely turn off fans in a chicken barn and threatened to kill the birds unless the owners paid up. He always recommends that the victims not pay the hackers.
Cyber security is a “huge issue” through the entire food supply chain, down to the producer and farm level, said Professor Sylvain Charlebois, director of the Agri-Food Analytics Lab at Dalhousie University.
“I’ve always believed the entire food industry hasn’t taken cyber security seriously enough,” he said.
Sobey’s and Maple Leaf Foods individually lost $25 million and $23 million in separate disruptive ransomware attacks last fall.
As for the motive in the latest case, Charlebois noted a general uptick in animal rights activism targeting various livestock sectors over the last six months. “Instead of just stopping trucks, or sending out press releases or running social media campaigns, apparently they’ve now decided to start attacking companies through cyber security, and they can get away with it,” he observed.
Cyber attacks also tend to be embarrassing for the involved companies, “so they don’t want to talk much about these things,” he said.
Ransomware may spread by clicking on a malicious email attachment or online link. “You’re always one click away from being in deep trouble,” Charlebois said.
Ontario Pork released a statement from general manager Ken Ovington saying the organization “routinely meets with cybersecurity experts and researchers to gather knowledge that can be used to create awareness and provide informational tools that are valuable to pork producers and the provincial pork industry.
“These types of cyberattacks are undeniably on the rise. As technology usage increases, so does the methods and sophistication of cyber criminals so it’s crucial that producers, agricultural organizations and government continue to prioritize cybersecurity measures, stay vigilant, and collaborate to prevent future cyberattacks.”
Former dairy farmer Brian Kerby, now employed as a data specialist with the federal government, advises regularly backing up computers on backup drives unconnected to the Internet or network. That way, a system infected with ransomware can be wiped and restored without too much trouble. Use up-to-date anti-virus software regularly and ensure your network firewall is adequate.