Cyber Incident Victim: Union des producteurs agricoles du Québec

The Union des producteurs agricoles (UPA) experienced a major ransomware attack beginning on August 7, 2022, which disrupted its entire IT infrastructure. Attackers infiltrated the organization's systems, encrypted data, and demanded payment for decryption keys, paralyzing operations at UPA's Longueuil headquarters and remote work capabilities. All 160 employees lost network access, preventing normal business functions. The attack also impacted 23 client organizations reliant on UPA's network, including specialized federations such as Producteurs de grains du Québec. UPA's director general Charles-Félix Ross confirmed this was the most severe cyber incident in the organization's history, describing ransomware attacks as an "epidemic" requiring coordinated international intervention. While core agricultural operations remained unaffected, the attack blocked access to critical files, including a special supplement for an agricultural exhibition planned by UPA-affiliated journal La Terre de chez nous, forcing contingency measures for publication.

UPA engaged external cybersecurity experts to investigate the breach, secure networks, and assess the attack's full scope. Several entities with independent IT systems—including Producteurs de lait du Québec, Éleveurs de porcs du Québec, and La Terre de chez nous' website—avoided disruption. Ross emphasized no immediate operational impacts on Quebec's 42,000 agricultural and forestry producers represented by UPA but highlighted broader business challenges caused by frequent cyberattacks. The organization maintained its stance against paying ransoms while advocating for enhanced web regulation and comparing the need for digital policing to physical community security measures. Response efforts focused on system restoration and vulnerability analysis, with no disclosed timeline for full recovery.