Last week, PJ Media reported on the suspicious number of food processing plants, factories, logistics centers, and other industrial food facilities across the U.S. that had burned, exploded, or had planes crash on them. In the past week, more accidents have occurred, the FBI has issued a warning, possible motives have emerged, and one company offered a rather implausible explanation for the destruction of their facility. At this point, we still have more questions than answers.
Now the fact-checkers have come out in force, so we know there’s nothing to worry about. Right?
To be crystal clear: no pattern has yet emerged. The incidents still appear random. Nobody has produced a connection between all these incidents.
There are just a LOT of them, and they’re continuing.
The FBI has not made any mention of the fires, plane crashes, and explosions, but it has issued an alert about cyberattacks possibly timed to disrupt the grain harvest season:
The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be…. more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.
A significant disruption of grain production could impact the entire food chain, since grain is not only consumed by humans but also used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.
- In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services, which are critical during the spring planting season.
- In February 2022, a company providing feed milling and other agricultural services reported two instances in which an unauthorized actor gained access to some of its systems and may have attempted to initiate a ransomware attack. The attempts were detected and stopped before encryption occurred.
- Between 15 September and 6 October 2021, six grain cooperatives experienced ransomware attacks. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had to completely halt production while others lost administrative functions.
- In July 2021, a business management software company found malicious activity on its network, which was later identified as HelloKitty/Five Hands ransomware. The threat actor demanded $30 million USD ransom. The ransomware attack on the company led to secondary ransomware infections on a number of its clients, which included several agricultural cooperatives.
Cyber threat actors will continue to exploit network, system, and application vulnerabilities within the FA sector.
It’s been a heckuva couple of weeks.
Related: Cybersecurity in 2022: Is the Biden Administration Capable of Defending America?
On April 26, a large blaze wiped out a large portion of a sausage factory in England, requiring over 70 firefighters to extinguish.
On April 30, a grain processing facility at a Perdue Farms plant in Virginia caught fire, sending huge plumes of smoke into the sky.
On May 1, another chicken farm went up, as fire destroyed two large, occupied chicken houses at a chicken farm in rural Jones County, Miss.
On May 2, a fire, followed by an ammonia leak, caused extensive damage at a food processing plant in Fresno, Calif.
Meanwhile, the state Fire Marshal issued a report on the destruction of the headquarters of Azure Standard Farms in Dufur, Ore.
While they originally suspected arson, the fire marshal has now ruled that spontaneous combustion of corn caused the blaze. While spontaneous combustion of grains is far more common than many realize, a specific set of conditions must be present for it to occur. Check out the press release the CEO of Azure Standard put out last week:
The marshal stated the fire started in a tote of rolled corn which was being temporarily stored in a cooler, at the Azure headquarters due to receiving an oversupply at the company’s warehouse. “There are two ways it may have started,” according to the fire marshal. “Because of the high moisture content of the corn, it could have started smouldering on its own and self-combusted or the tote or corn dust could have come in close contact to a nearby electrical outlet, shorted the electrical wiring and sparked the tote of corn,” she concluded.
Not a lot of certainty in that statement. Yes, moisture content in grains can cause spontaneous combustion, but the process also generally requires elevated temperatures. Maybe this is a stretch, but that statement seems a bit inconclusive.
So is this a mere anomaly, or is something else going on?
According to the National Fire Protection Association (NFPA), fire departments across the U.S. respond to a fire call once every 23 seconds. That’s an estimated total of 1,388,500 fires in 2020. In October 2021, the NFPA released a report showing shifting trends in fires in America over the past two years corresponding to the pandemic:
The National Fire Protection Association (NFPA) has released findings from its latest “Fire Loss in the U.S.” report, which shows that the total number of U.S. fires overall rose eight percent from 2019 to 2020. While some year-to-year fluctuation is normal, this increase reflects a far from typical year due to the pandemic.
“In 2020, more people were working and studying at home, commuting far less, and spending more time socializing outside,” said Lorraine Carli, vice president of Outreach and Advocacy at NFPA. “It appears that the fires followed these shifts.”
According to the report, which provides a broad overview of how, when, and where U.S. fires occur and their impact on life and property, residential structure fires rose five percent from 2019 to 2020, while non-residential structure fires fell eight percent. Highway vehicle fires fell nine percent; outside and other fires rose 17 percent. Civilian deaths and injuries fell six percent and eight percent, respectively.
Key findings from the report include the following:
- Overall, local fire departments responded to an estimated 1,388,500 fires in 2020, resulting in 3,500 civilian deaths, 15,200 civilian injuries and $21.9 billion in direct property damage.
- Every 23 seconds, a fire department in the United States responds to a fire somewhere in the nation.
- A fire occurs in a structure at the rate of one every 64 seconds, and a home fire occurs every 89 seconds.
- The death rate per 1,000 reported one- or two-family home fires was 16 percent higher than in 1980, while the comparable rate for apartment fires was 43 percent lower.
- Sixty-four percent of all U.S. home fire deaths occurred in one- or two-family homes; the other 10 percent occurred in apartments or other multi-family housing.
- Eighteen percent of fire deaths were caused by vehicle fires.
What’s notable is the increase in residential fires and the decrease in commercial fires, as more workers stayed home during the pandemic. It follows, then, that as our economy is permitted to open back up by the public health officials who shut it down, certain forces are at play. More people are at more worksites, doing more things to cause fires there than they would have if they stayed home.
Other factors could also be at play, and nothing is conclusive. Despite rumors to the contrary, our economy and our supply chains have experienced widespread weaknesses for years. The economic pause, as it were, implemented by global public health agencies, caused much deeper fractures in supply chains as producers found it difficult to switch from wholesale to retail production and back again. Those broken supply chains, in turn, faced difficulty in meeting increased demand in some industries, while labor markets continue to struggle to find and pay enough workers. Could some of the fires be an easy way out for some facilities that have struggled and have lucrative insurance coverage? Could some of the incidents have resulted from year over year of deferred maintenance in industries with a thin profit margin?
Remember, on the other hand, those same public health officials who shut down our economy deemed workers at such facilities “essential,” so no shutdown orders affected them. Plants didn’t simply lie around empty for two years, and personnel levels stayed mostly normal to handle maintenance issues that arose during that time. Lockdowns cannot explain the decrease in fires in 2019-20, nor the expected increase in 2022, because those lockdowns didn’t affect essential industries.
Is something more nefarious going on? Let’s remember back to May 2021 and what the Department of Energy calls the Colonial Pipeline Cyber Incident. The entire pipeline was shut down for a week, severely impacting the availability of airplane fuel and gasoline in several states in the Southeast. Colonial turned the pipeline back on, but only after paying Russian hackers $5 million in ransom.
A similar cyberattack hit JBS, the world’s largest meat processing company, a month later, in June 2021:
The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
In a statement late Wednesday, the FBI attributed the attack on Brazil-based meat processor JBS SA to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.
REvil has not posted anything related to the hack on its dark web site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom.
IS JBS CYBERATTACK A DRY RUN?
In October, a REvil representative who goes by the handle “UNKN” said in an interview published online that the agriculture sector would now be a main target for the syndicate. REvil also threatened to auction off sensitive stolen data from victims who refused to pay it. [emphasis added]
Again, without jumping to conclusions, it seems many forces have begun to negatively affect our domestic food supply. This, on top of expected global food shortages as we progress through 2022. It would be wise to prepare accordingly.