Ransomware Attacks Targeting Agriculture and Food Production Doubled in 2025

Ransomware attacks against the food and agriculture sector surged in early 2025, with 84 incidents reported in just the first three months, more than double the number from Q1 2024.  

According to Jonathan Braley, director of the Food and Ag-ISAC, this rise began in late 2024 and has been driven in part by Clop’s exploitation of a widely used file sharing service. Even excluding Clop, groups like RansomHub and Akira have continued targeting the industry aggressively.  

“A lot of it never gets reported, so a ransomware attack happens, and we never get the full details,” he told Recorded Future News on the sidelines of the conference. “I wish companies would be more open in talking about it and sharing ‘Here's what they use, here's how we fixed it,’ so the rest of us can prevent that.”  

The Food and Ag-ISAC gathers threat data through open-source monitoring, dark web tracking, member contributions, and cooperation with other ISACs. The food and agriculture sector is particularly vulnerable due to legacy equipment, industrial control systems, and reliance on tightly run supply chains.  

High-profile attacks have recently impacted major producers in South Africa and Russia, with one incident alone costing over $1 million. Most concerning, ransomware now represents 53% of all known cyber threats facing the industry, underscoring the sector’s growing exposure.

Takeaway: Ransomware crews have figured out that if you hit a food producer, you’re not just locking up data—you’re jamming up the entire supply chain.  

Agriculture is critical infrastructure for a reason: if systems go down, people don’t eat, shelves don’t get stocked, and the ripple effects get ugly fast. Attackers know this, and they’re exploiting it. Every minute of downtime costs these companies a fortune and piles pressure on them to pay up just to get operations moving again.  

This isn’t just about data leaks or PR hits—it’s about whether you can ship product tomorrow. This is why resilience is just as important as prevention.  

Ideally, you want to detect and block the ransomware before it lands. But what happens when it does? If you're not prepared to bounce back fast, you're going to end up in a no-win situation: hemorrhaging money, losing customer trust, and staring down the barrel of a ransom note.  

The playbook has to evolve. It's not just about stopping the breach—it's about being able to take a punch, get back on your feet, and keep the business running. In this game, recovery speed is survival. And for critical infrastructure, that speed can make or break everything.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.