Food and ag sector weathers more ransomware attacks, braces for ‘strategic adaptation’ threats

Name: Food and ag sector weathers more ransomware attacks, braces for ‘strategic adaptation’ threats
Uploaded: 2026-02-17T15:51:50-05:00
Channel: Bridget Johnson
Description: Ransomware attacks targeting the food and agriculture sector jumped by nearly 23% last year with five threat actors -- Qilin, Akira, CL0P, Play and Lynx -- accounting for nearly half of the attacks as a "more complex" environment threatens critical food lifelines, according to a new report from sector security experts. The Food and Ag

(USDA)

By Bridget Johnson • Feb 17, 2026

Ransomware attacks targeting the food and agriculture sector jumped by nearly 23% last year with five threat actors — Qilin, Akira, CL0P, Play and Lynx — accounting for nearly half of the attacks as a “more complex” environment threatens critical food lifelines, according to a new report from sector security experts.

The Food and Ag Information Sharing and Analysis Center (ISAC) said ransomware attacks soared 82% across all critical infrastructure sectors from 2024 to 2025.

In the report analyzing last year’s ransomware trends and looking ahead to this year’s threats, the ISAC attributed the steep hike — from 3,508 incidents recorded in 2024 to 6,377 last year — to the combination of “an improved ability to track ransomware attacks and a genuine escalation in ransomware operations.”

Together, Food and Ag-ISAC and IT-ISAC, centered in the information technology sector, have logged more than 15,000 ransomware incidents since 2020 in a database that enables members to study attack trends.

The food and agriculture sector was targeted by 265 attacks in 2025, increasing from 206 attacks in 2024, while manufacturing outpaced other sectors with 1,440 attacks last year followed by commercial facilities with 1,107 attacks.

While representing just 4.2% of total ransomware volume across all critical infrastructure sectors, “ransomware attacks can be particularly damaging” to the sector that feeds America, the report notes.

“Food and agriculture companies are inevitably targeted by ransomware attacks due to the sheer volume of indiscriminate attacks,” the report stated. “However, CL0P is a notable outlier, suggesting a slight preference for the food and agriculture sector.”

CL0P, which emerged in 2019, targeted food and agriculture entities in 9.2% of its 2025 attacks, the ISAC found, while all groups attacked the sector 4.2% of the time on average.

“The ransomware threat landscape targeting food and agriculture continues to evolve rapidly, driven by fragmentation, technological innovation, and strategic adaptation by threat actors,” the report said, predicting potential trouble this year from four trends that are “amplifying vulnerabilities unique to food and agriculture operations.”

These include a growing number of smaller and more specialized ransomware operations “as affiliates realize that smaller groups are harder for authorities to track,” sustained DDoS attacks layered on top of initial breaches, attacking underlying infrastructure so that “a single attack can take down hundreds of virtual machines at once,” and generative and agentic AI improving the quality of phishing and social engineering attacks.

At a House Homeland Subcommittee on Emergency Management and Technology hearing last fall, experts told lawmakers that they are concerned about mounting hybrid threats as well as adequate resources and training to be prepared for attacks that would have a devastating impact on the nation’s food supply.

Cris Young, a professor at Auburn University’s College of Veterinary Medicine and former USDA program director, told lawmakers in prepared remarks that “non-state actors like terrorist and violent extremist organizations may also target our homeland food supply via the agriculture sector.”

The goal would be to disrupt critical food and water supplies “followed by tactical and strategic dominance, and eventual destruction,” and both the food supply and supporting infrastructure “will almost certainly be more intensely targeted in the future,” Young testified.

Cyber threats can target precision agriculture or control systems, or spread disinformation that could be “catastrophic” to the ag industry, Marty Vanier, director of the National Agricultural Biosecurity Center at Kansas State University and the associate director of the Biosecurity Research Institute at Kansas State University, told the subcommittee. Research security is also a concern.

“The interconnectedness of the production of food crops and animals will have wide-reaching impacts,” she said in prepared remarks. “Think trucking, ag banking, fuel and fertilizer, equipment manufacturing, sales and repairs, feedstuffs, medications, harvest activities, employment, and all of the economic multiplier effects on rural communities.”