blackbasta attacks AGCO Finance

Incident Date:

May 25, 2022

World map



blackbasta attacks AGCO Finance


AGCO Finance




Duluth, USA

Georgia, USA

First Reported

May 25, 2022

AGCO Finance Targeted by Blackbasta Ransomware Group

AGCO Finance, a global leader in the design, manufacture, and distribution of agricultural machinery and precision ag technology, has been targeted by the ransomware group Blackbasta. The attack was announced on the group's dark web leak site. AGCO operates in the Manufacturing sector and has an international footprint, owning tractor and farm equipment brands like Challenger, Massey Ferguson, Fendt, and Valtra, each serving markets all over the globe.

The company's experience with the ransomware attack is relevant to organizations of all sizes and industries, as it highlights the vulnerability of IT systems connected to the Internet. The attack was reported to be politically motivated, with AGCO Agriculture Foundation donating $50,000 to the BORSCH initiative, which assists Ukrainian farming communities affected by the war with Russia, the day before the attack.

The Impact of the Attack

The ransomware attack hit some of AGCO's production facilities on May 5, 2022, and restoring operations to normal took several days. The company is still investigating the extent of the attack, and it is anticipated that its business operations will be adversely affected for several days.

AGCO's vulnerabilities in being targeted by threat actors include potential causes such as phishing emails, remote desktop protocol (RDP) misconfigurations, and drive-by downloads from compromised websites. The company is still evaluating the scope and consequences of the data loss, and while it does not have retail operations, it is still assessing the impact on its operations.

AGCO's Position in the Industry

AGCO had net sales of approximately $11.1 billion in 2021 and is headquartered in Duluth, Georgia, USA. The company's focus on precision ag technology and its differentiated brand portfolio, including core brands like Challenger, Fendt, GSI, Massey Ferguson, and Valtra, make it a significant player in the agricultural machinery industry.

The attack on AGCO Finance serves as a reminder of the importance of cybersecurity measures to protect against ransomware attacks, which can disrupt operations and cause significant financial and reputational damage.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.