Agrocomplex named after. N.I. Tkachev suffered a large-scale cyber attack

The Agrocomplex named after was subjected to a large-scale cyber attack using an encryption virus. N.I. Tkacheva is one of the largest agricultural enterprises in Russia. The company is still addressing the consequences of the incident. According to Kommersant, she had to face not only difficulties in her work, but also extortion of 500 million rubles. Encryption viruses are increasingly used for complex cyber attacks, experts say, and victims may suffer not only from hackers, but also from the state – the purpose of ransom payments cannot be confirmed.

Kommersant’s sources in the cybersecurity market spoke about a large and successful hacker attack on the Agrocomplex named after. N.I. Tkachev, owned by ex-Minister of Agriculture Alexander Tkachev and his family. According to one of Kommersant’s interlocutors, “all of the company’s IT systems were attacked; the incident led to the theft and encryption of data on the organization’s servers.” The agricultural complex’s website did not work on April 8 and 9, Kommersant was convinced.

There was a technical failure on the server due to a hacker attack, the company confirmed to Kommersant, adding that work to eliminate the consequences continues. The agricultural complex expects a “return to normal functioning” within three to five days. The company assured that it “will fulfill all obligations to provide products to the population and ship goods to partners.”

Kommersant’s interlocutor at the market clarifies that the goal of the hackers was not only to stop the company’s work, but also to pay a ransom for the stolen data. According to his information, the hackers’ request amounted to about 500 million rubles. The company did not comment on the fact of payment.

According to Kommersant’s interlocutor in one of the large companies involved in information security, access to the agricultural complex data could have been obtained through phishing, vulnerabilities in public applications or RDP ports (Remote Desktop Protocol). Director of the center for monitoring and countering cyber threats IZ:SOC “Informzashita” Alexander Matveev believes that the attackers chose the agricultural complex because of “financial stability and probable readiness to pay.” “The attack was not noticed and no containment measures were taken, as a result of which the attackers were able to gain access to the infrastructure,” the expert believes.

The threat from hackers using ransomware viruses (which end up on devices and encrypt valuable files) has been growing since the beginning of the conflict in Ukraine, but their demands decreased by the end of 2022: the average ransom value fell more than 20 times year-on-year (see chart). “Kommersant” dated November 21, 2022). At the time, the trend was associated with a drop in the cost of malicious software. According to Solar JSOC of Solar Group, in the first months of 2024, the share of attacks, including those using ransomware, more than doubled by the fourth quarter of 2023.

In the EU and the US, cases of cyber blackmail are not uncommon. Thus, in April 2023, an attacker downloaded a ransomware virus into the information system of the San Bernardino County Sheriff’s Department in the United States. The attack cost $1.1 million.

In Russia, payments to hackers are not regulated, clarifies Fedor Muzalevsky, director of the technical department of RTM Group. However, according to him, the transfer may “fall under the article on money laundering, since the transaction cannot be confirmed with legal documents.” Therefore, ransoms are paid, as a rule, through cryptocurrency. The ransom amount in cryptocurrency can be from 2 BTC (about 13 million rubles as of April 9) for several servers, Informzashita clarifies.

Daria Koshkina, head of cyber threat analytics at Solar Group, notes the “trend towards more complex attacks” and considers it likely that “in the near future the number of ransomware will increase.”

Tatiana Isakova, Anatoly Kostyrev