Do Son 
Ransomware attacks targeting the agribusiness sector in 2025 have grown markedly in both scale and intensity, according to Jonathan Braley, Director of Food and Ag-ISAC—an organization dedicated to cybersecurity intelligence sharing within the food industry—who spoke at the RSA Conference.
Braley noted that the situation is exacerbated by the widespread reluctance of affected companies to disclose incidents. Many opt for silence, withholding technical details from both peers and the broader cybersecurity community. This lack of transparency hinders collective learning and weakens the sector’s overall defensive posture.
According to Food and Ag-ISAC data, a new surge of ransomware activity began in the fourth quarter of 2024, accelerating sharply by early 2025. In January alone, 31 incidents were recorded; February saw 35; and despite a slight decline, March still witnessed 18 attacks. In total, the first quarter of 2025 registered 84 ransomware incidents across the industry—more than double the number reported during the same period the previous year.
One major catalyst for this rise was the large-scale breach of the widely used file transfer service Cleo, exploited by the Cl0p ransomware group. Yet even when excluding Cl0p-related incidents, the sustained activity of other groups—such as RansomHub and Akira—remains alarmingly high. These actors continue to specifically target agricultural and food production enterprises, despite the mitigation of certain threat vectors.
Recent weeks have seen several high-profile breaches. In March, for instance, South Africa’s largest poultry producer suffered an attack resulting in losses exceeding one million dollars. Businesses of this nature are frequent targets for cybercriminals due to their reliance on outdated systems and infrastructure, as well as the intricacies of their operations. Strict delivery timelines and just-in-time production models render agribusinesses particularly vulnerable—even brief disruptions can inflict enormous financial damage.
Of even greater concern is the proportion of ransomware among all cyberattacks observed within the sector. Current estimates indicate that ransomware accounts for 53% of all incidents—a sobering statistic that underscores the critical importance of proactive defense. It also highlights the urgent need to foster a culture of transparency and information sharing throughout the agrifood industry.
