NWF says cyber incident contained, as threat analyst warns agribusinesses to remain vigilant

17-Nov-2020 - Last updated on 17-Nov-2020 at 09:13 GMT

Related tags ransomware cyber incident hacking data breaches

Following a cyber incident at the start of the month, UK fuel, food and feed distributor, the NWF Group, says it acted promptly to instigate precautionary measures, engaging specialist external support to limit the damage and manage the incident.

“Following extensive investigations, supported by cyber security experts, the group is satisfied that the incident has been contained and additional security measures have been applied to all of the group's IT systems.”

No information material to the running of the business was irretrievably lost as a result of the "unauthorised access" to the IT systems in NWF's feeds and fuel divisions and at Group level.

It first reported the cyber incident on November 3.

“Despite the temporary shut-down of certain systems, the group is pleased to report that each of its three divisions has continued to operate with minimal disruption and the Board does not expect that the incident is likely to result in any material impact on underlying trading.”

Investigations into the cyber incident continue, it added.

“As more information becomes available, the group will continue to assess, with the benefit of specialist advice, its legal obligations in connection with the incident.”

NWF said it expects that the costs associated with its response to the incident will be around £0.5M (US$661K) net of recoveries under its existing cyber insurance and that, as such, the overall financial impact on the company “is not expected to be material.”

Trading in the company's ordinary shares recommenced last Thursday [November 12], having been suspended since the hacking event.

Agribusiness on cyber criminals’ radar

Denmark headquartered agribusiness group, Danish Agro, was the victim of a ransomware attack in April this year. Søren Møgelvang Nielsen, communication director, Danish Agro, in May said the company had not had any dialogue with the hackers and had not paid them any ransom. It took several months for business to return to normal following the incident.

Brett Callow, a threat analyst for Emsisoft, commenting on those developments, told FeedNavigator: “For whatever reason, companies in the agricultural are frequently targeted by certain ransomware groups - in fact, one group, REvil, recently stated that they consider the agricultural sector to be one of the most profitable, along with the insurance and legal sectors. While I’m not sure why this should be the case, it would certainly seem that agribusinesses are squarely in the crosshairs - and that’s bad news for the companies that may be targeted.”

Ransomware incidents are no longer simply expensive inconveniences: they’re data breaches that can result in clients and business partners being attacked, regulatory penalties, reputational harm, and more, said the analyst.

“Unfortunately, there is no easy, single-step solution that companies can use to secure their networks against ransomware. Rather, it’s a matter of ensuring best practices are rigidly adhered to. Those best practices include locking down remote desktop protocol (RDP), implementing a solid password strategy, using multi-factor authentication (MFA) everywhere it can be used, disabling PowerShell when not needed, patching promptly, limiting admin rights and a host of other measures,” added Callow.