The food and agriculture industry is facing an unprecedented wave of cybersecurity threats in 2025, with ransomware attacks doubling in the first quarter compared to the same period in 2024.
Speaking at the RSA Conference on Thursday, Jonathan Braley, director of the Food and Ag-ISAC (Information Sharing and Analysis Center), revealed a staggering 84 ransomware incidents from January to March, highlighting a critical lack of visibility into the full scope of the crisis.
Braley expressed frustration over the reluctance of affected companies to share detailed information about attacks, emphasizing that greater transparency could bolster collective defense mechanisms.
.png
)
“A lot of it never gets reported, so a ransomware attack happens, and we never get the full details,” he told Recorded Future News.
“I wish companies would be more open in talking about it and sharing ‘Here’s what they used, here’s how we fixed it,’ so the rest of us can prevent that.”
Escalating Cyber Threats Target Critical Sector in 2025
The surge in attacks, which began in the fourth quarter of 2024, has been largely driven by the infamous Clop ransomware gang exploiting vulnerabilities in a widely used file-sharing service.
However, even excluding Clop’s activities, other notorious groups such as RansomHub and Akira have relentlessly targeted the sector, contributing to the alarming rise in incidents.
Food and Ag-ISAC compiled these figures through a combination of open-source intelligence, dark web monitoring, member contributions, and collaboration with the National Council of ISAC members.
The data paints a grim picture: 31 attacks struck in January, 35 in February, and although the number dipped to 18 in March, the quarterly total still marks a 100% increase from Q1 2024.
According to the Report, this escalation underscores the growing sophistication and persistence of ransomware actors targeting critical infrastructure.
Legacy Systems and Tight Supply Chains Amplify Vulnerability
High-profile incidents have further exposed the sector’s fragility, with a March attack on South Africa’s largest chicken producer resulting in losses exceeding $1 million, and a similar assault on the largest dairy processing plant in southern Siberia disrupting operations.
These events spotlight why food and agriculture organizations are prime targets for cybercriminals.
The industry often relies on legacy equipment and industrial control systems (ICS), which are notoriously difficult to secure and patch against modern threats.
Additionally, the sector’s dependence on tight supply chains and just-in-time delivery models creates immense pressure to resolve disruptions quickly, often pushing companies to pay ransoms to minimize downtime.
Braley also noted a chilling statistic: ransomware now constitutes 53% of all cyber threats facing the industry, signaling its dominance in the attack landscape.
The systemic vulnerabilities and economic importance of food and agriculture necessitate urgent action.
Legacy systems, while critical to operations, lack the robust security frameworks needed to counter evolving ransomware tactics, leaving organizations exposed to encryption-based extortion schemes.
As supply chain interruptions can have cascading effects on food security, the stakes are extraordinarily high.
Braley’s call for increased information sharing is not just a plea for collaboration but a strategic imperative to build resilience against a threat that shows no signs of abating.
Without coordinated efforts to modernize defenses and enhance transparency, the industry risks further devastation at the hands of cyber adversaries in 2025 and beyond.
Setting Up SOC Team? – Download Free Ultimate SIEM Pricing Guide (PDF) For Your SOC Team -> Free Download
