Major Russian Agroholding Targeted by Ransomware Attack
Hackers have attacked the information systems of several companies within the Miratorg agroholding, Russiaβs largest agricultural conglomerate, according to the Federal Service for Veterinary and Phytosanitary Supervision (Rosselkhoznadzor). The attackers used a malicious program disguised as a system Trojan file named Win32:Bitlocker/l!rsm. This virus encrypts data on the disk systems of infected computers, servers, and workstations by exploiting vulnerabilities in Microsoft-based operating systems. Once files are encrypted, they cannot be read or used without the decryption key.
βWork to eliminate the consequences of the attack is already underway, and normal operation of all systems will be restored as soon as possible,β Miratorg representatives emphasized.
The company also stated that there would be no interruptions in product deliveries and shipments, and that food supply to Russian consumers would continue as usual.
Affected Companies Within the Miratorg Holding
- LLC “FATEZHSKAYA YAGNYATINA” β INN: 4017006738
- LLC “BRYANSKY BROILER” β INN: 3250519281
- LLC “MIRATORG-KURSK” β INN: 4623004836
- LLC “BRYANSK MEAT COMPANY” β INN: 3252005997
- LLC “KURASOVSKY PIG COMPLEX” β INN: 3109003598
- LLC “PRODMIR” β INN: 5009074197
- ZAO “KOROCHA PIG COMPLEX” β INN: 3110009570
- LLC “TRIO-INVEST” β INN: 5009045076
- LLC “BELGO GEN” β INN: 3115004381
- LLC “AGROFIRMA BLAGODATENSKAYA” β INN: 4620009025
- LLC “MIRATORG ZAPAD” β INN: 3906072585
- LLC “MIRATORG TRADING COMPANY” β INN: 5009072150
- LLC “SAFONOVSKY PIG COMPLEX” β INN: 3109004344
- LLC “PRISTENSKY PIG COMPLEX” β INN: 4619004640
- LLC “MIRATORG-BELGOROD” β INN: 3109004317
- LLC “VOZROZHDENIE” β INN: 4623005325
- LLC “KALININGRAD MEAT COMPANY” β INN: 3921799103
- LLC “KALINOVSKY PIG COMPLEX” β INN: 3115006318
These organizations are currently unable to process production and transportation veterinary documents electronically. Experts say that recovery efforts are ongoing and may take several days, but there is no exact timeline yet. The data recovery process is complicated by the difficulty of decrypting the Trojan and the affected files.
According to the agency, such a sophisticated cyberattack on food industry enterprises has not been seen in the more than ten-year history of the VetIS information system. They did not rule out the possibility of deliberate sabotage. In light of the situation, the agency suggested allowing the holding and its partners to move products (excluding bio-waste and live animals) using paper certificates or the Mercury system until the virus is eliminated. They noted that the company has a reliable reputation, making this exception possible.
Experts also advised the company to create backup copies of the system and any remaining parts of the database on non-volatile storage devices. This would allow for quick restoration of operations with minimal data loss if needed.
Miratorg has promised to do everything possible to prevent disruptions in product deliveries and shipments.