AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season

[alylea]

Looks like the parent company of Massey Ferguson is not having a good day.


"Tim Brannon, president and owner of B&G Equipment Inc in Tennessee, told Reuters he has not been able to access AGCO's website for ordering and looking up parts since Thursday morning."


AGCO ransomware attack disrupts tractor sales during U.S. planting season

 

[Dmacleo]

maybe thats why HP was working on agco stuff since thursday night

Agco Parts site down until at least monday for upgrades

course I needed to look up part info, site says call dealer. dealers can't look up parts either. HP doing upgrades on site. we'll see how THAT works out...

www.tractorbynet.com

parts lookups work fine for me now, but thats not production facility stuff of course.

 

[PuffyC]

Until the payment of ransom is illegal this will continue.

 

[Dmacleo]

agco put a statement on their website

News Releases | AGCO

news.agcocorp.com

May 06, 2022

AGCO, Your Agriculture Company (NYSE:AGCO), a worldwide manufacturer and distributor of agricultural equipment, announced today that on May 5, 2022, it was subject to a ransomware attack that has impacted some of its production facilities. AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the Company is able to repair its systems. The Company will provide updates as the situation progresses.

Cautionary Statements Regarding Forward-Looking Information

Our expectations with regard to resolving the issues are forward-looking statements, and actual results could be materially different due to a number of factors, including our ability to successfully reinstall software and restore IT operations at the effected sites.

good article mentions France being hit hard

Ransomware hits global farm machinery giant AGCO

John Deere rival says it may be days or 'potentially longer' before some production facilities are back in action

www.theregister.com

according to reports in the French media, the Massey Ferguson tractor production lines in Beauvais, north of Paris, were shut down at the end of last week and the assembly line workers were sent home after servers at the facility were rendered inaccessible. And according to German media reports, workers in the Bavarian production facilities of AGCO's Fendt brand haven't come into work as the IT outage continues.

 

[Hay Dude]

Thats sad. AGCO brands is a damn good company.

 

[kenmbz]

The company I work for was hit with that stuff.
They chose to buy all new devices instead of pay.

Damn RWare parasites.

 

[sea2summit]

Until the payment of ransom is illegal this will continue.

Yeah, just like murders!

Ohh wait.

Most of the time these aren't US actors, making payments illegal is telling the business how they need to operate. If I was gonna tell a business what to do, I'd be more inclined to make it illegal to use computers

 

[Dmacleo]

The company I work for was hit with that stuff.
They chose to buy all new devices instead of pay.

Damn RWare parasites.

new devices does not regain your database.
its a large issue as anyone thats run servers/cdns/edge units realizes.

 

[kenmbz]

new devices does not regain your database.
its a large issue as anyone thats run servers/cdns/edge units realizes.

Remote backups cover that issue.

 

[Dmacleo]

Remote backups cover that issue.

when did incursion happen vs when did incursion present itself?
obvious you have never dealt with this.
I've dealt with stuff where the package was in place 8 months before the incursion presented itself.
when incursion is in place, yet not activated, every backup is useless yet...you won't know it.
remote backups my ass.

EDIT: well...turns out I misjudged poster I replied to. that person seems to be heavily involved.
I apologize.

 

[kenmbz]

This one was quick to infiltrate. Replaced a few thousand machines and ton of server with virtuals to keep the business up.
Off line backups saved the day, but it cost millions. Company made the decision to do this over paying. Was not easy.
At the time all of our subcompanies were on different independent networks, limiting the damage.
Now we have more ID, FW and other hw to get in the path. Plus educating the staff helped to the point where they even report some of our mass information emails as phishing.

 

[Dmacleo]

ok I stand corrected.
sounds like you are heavy into it and with your knowledge of the vectors I apologize.
I've just seen WAY too many people trumpet the offsite backup line that get suddenly shocked about the timing vector.

edit: where news reports mentioned france/germany (production plants for many agco stuff) while not mentioning US based production I wondered about separated networks.
that is not an area I have a lot of knowledge about, I'm one of those high IQ people with no direction that likes to play around and learn stuff. this item was on my list to learn about.
time to fire up some cheap VPS units and play around I guess.
again, I apologize for the stupid assumption I made. Mea Culpa.

 

[kenmbz]

No worries, I did not want to go into too much detail. Which is where you saw some gaps, which you pointed out, correctly. So on me too.
I hope AGCO had everything backup up offline. It is painful to repair/rebuild and buy new and takes a long time with big business impacts. I feel for them and all the other companies and people hit by these sc*m of the earth.

 

[Dmacleo]

yeah I've dealt with stuff like the largest android community in world (at the time, not sure now, droidforums was admin/etc) getting hit all the time as well as some US based 2nd amendment forums getting hit. plus I ran few vpns getting multiple TB a day of traffic for droid builds.
all for free for me (I operated on donation basis) just to try to help.
all I ever heard was "but we got offisite backups" (lot of cry and whine here when I said WTF cares) and had to deal with that crap.
I state I am not well versed enough in this stuff, pay the money have this/that company involved, they all scream.
some listened, android did, some others didn't. guess which one survived?
I know my knowledge limitations and am not afraid to acquiesce and learn from others that know more than me.