From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.
When an agricultural producer gets hit by a ransomware attack, it comes close to collapsing its business. The last two years of our lives will forever be marked as the years hardest hit by the global pandemic COVID-19. But this period has also brought us other threats, namely the digital pandemic in the form of the rise of Ransomware cyber-attacks.
What is Ransomware?
It was an ordinary morning for the agricultural company which is one of the main dairy products producers in the region. The director of the company arrived as usual some time before the workers came to the factory, turned on his business laptop and noticed a disturbing message: āYou are under ransomware attack, please follow the link for further steps.ā
Ransomware is a type of malicious software or encryption program, placed by a hacker, that works by encrypting data on a network. To regain access to the data, it asks you to pay a ransom in exchange for a decryption key. Some researches (Coveware) show that a minority of companies that choose the ransom payment route, end up being forced to make additional payments or never getting access to their data.
Ransomware attacks have been one of the most common threats in the last couple of years. Business interruption periods increased from an average of 15 days (2020), now to an average of 23 days (2021). It should be also noted that the business interruption costs sometimes are as high as the ransom payment, or even exceed the amount. IBM’s 2020 Cost of Data Breach Report shows us that it took around 280 days to even identify a breach in a system, which gives us an insight into the ability and power of hackers to move stealthily and silently through a victim’s system.
Cognyte company, the security analytics agency, claims that the Manufacturing and Financial Services industries are the leading targets for ransomware hit, followed with a Transportation, Technology and Legal and Human Resources industries. Some examples are:
Weak point RDP
According to the UK security company Sophos, one of the most distinguished ways is the widespread use of Remote Desktop Protocol (RDP). RDP is a system which allows remote users to connect to the desktop of another computer via a network connection. Usually it is used by organizations to allow employees to gain access to their networks while they are working remotely. If the port, which an organization uses for RDP access, is exposed directly to the internet, it is easy for malicious actors to find it, where they then attempt to gain access to an organizationās computer systems.
After the hackers gain access to the system, the next step is to break into organizationĀ“s local administrator account. This means that the attackers are using a computer program trying to crack the passwords by trying various password combinations in quick series. The longer and more complex password, the more difficult the job will be for hackers to crack the system. Unfortunately, in our case, the local administratorĀ“s account had a weak password combination. Additionally, the absence of Multi-factor authentication (MFA) for RDP access, allowed the hacker to gain access to the organizationās network without having to go through a second verification procedure, such as entering a verification code.
The production was blocked and unfortunately the company did not have offline back-up stored on an external storage that could be used to restore them. After the activation of the business incident plan and connection with the external incident response team, the company decided that a ransom will be paid. After the payment and receiving decryption key, the recovery was started. As the whole process was time-consuming, it took around 14 days for the system to get fully recovered.
The benefits of cyber insurance
Due to having a cyber insurance policy, the company was able to carry out the whole process of recovery of data and ransom payment with highly skilled IT professionals. The costs which were covered under this cyber-attack were, above mentioned ransom payment, business interruption losses, business incident response, forensic investigation costs, crisis PR, privacy liability, compliance with the data protection regulatory bodies (GDPR) under the law regulated time.
Some important statistics (Indusface)
From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.
If you are interested about the possible insurance offers and the level of vulnerability of your company to cyber threats, contact us and team of our specialists will provide you all necessary information about the further steps.
Related Insights
Affinity Insurance and Better Agreements Between Farmers and Partners
Affinity insurance and risk management services will help you strengthen your relations with counterparties.
Choosing the right risk management strategy in Food & Agriculture
The most challenging thing about risk mapping is risk assessment. Risk mapping is a good starting point for implementing a holistic approach to risk management.
How to feed the world and save the planet?
Tackling the challenge of feeding the world, while solving environmental problems and preventing further global warming is not an easy task.

Stephan Eberlein
Group Practice Leader Financial Lines
T +43 664 962 40 60