During a recent conference call with Farm Equipment, Bob Sinclair, CEO of Iowa’s Sinclair Tractor, a John Deere dealership group with 16 locations, discussed the cybercrime committed against his company. Below, in his own words, Sinclair shares details that could help other dealers realize a ransomware attack could happen to them too, and how to prepare. 

Four years ago, we got hit with a ransomware attack. Russian software administered by North Korean state sponsored terrorists shut down our entire system right as corn harvest was happening. Going back to paper and basically rebuilding everything; that was a challenge. And we didn't pay the ransom and it didn't hurt us a whole lot, but it was a big challenge. 

Every computer and every server in our organization had to be rebuilt or replaced. Some stuff we didn't get back, but we got back all our financial transactions and parts inventories and working process and some of those things. But that just was something that came out of left field that was very challenging. And so from that, we've absolutely upgraded what we're doing.

We added some artificial intelligence type computer programs to help us to manage some of those things and to protect us a little more. And with a lot of employee education and training and due diligence and maybe a little bit of luck, we've gotten through all that. The interesting side of about that is, the extra measures we've taken adds about a half of a 1% of total sales to our budget. It’s expensive to be safe, but it's also expensive to be down. So, that's been the biggest challenge we've had.

What Happened 

A technician opened an email that they shouldn't have and it got into the system and it put on a key logger. And over about 8 months, they were in. They were able to infiltrate everything. And then they finally had their attack 8 months after they initially got in. So, it's kind of one of those things where you can have all your protection to keep people from getting in your house, but you're not locking the doors inside your house, and your security isn't inside your house, it's on the perimeter. And so, we've basically added security to the inside of our house where we know what's happening in every room, not just whether somebody got in.

So, what happened was an email address that popped up on every infected computer. I even forget what it was. And you were supposed to contact them, but we never did. We just worked through it ourselves and had a couple friends in the Department of Defense that had some things and brought in a rapid response team, and we handled it internally.

Insurance Went Only So Far

We had insurance, but it wasn't very good. And at that point, our insurance company didn't really know much about it. And so, it was a case where looking into it is something that is good for every company to do. The insurance that we had was mainly for the reporting side of it. So, there's certain things that you must do and attorneys and forensic investigative firms that you must hire as part of your obligation under federal law when you've been hacked. 

And so that basically took care of all of that but the actual expense of computers and downtime and those things were not covered under the insurance that we had at that point.

For more on cybercrime and ransomware in the farm equipment industry, click here.