Updated May 9, 2022, 11:58 a.m. CST

AGCO announced today that on May 5, 2022, it was subject to a ransomware attack that has impacted some of its production facilities.

AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the Company is able to repair its systems. The Company will provide updates as the situation progresses.

Ag Equipment Intelligence reached out to AGCO for additional details and received the following response:

AGCO Corporation announced today that it has been subject to a cybersecurity incident that has impacted some of our production facilities. We are working to address the issues. Our first priority is to restore those critical activities needed to keep farmers farming.  We will provide updates to impacted employees, dealers, suppliers and customers as the situation progresses. 

Ag Equipment Intelligence received a copy of the email update AGCO dealers received from AGCO on May 6 at 11:52 a.m., which confirmed some portions of AGCO's parts systems were down. A portion of the email update is presented here, minus the instructions AGCO gave dealers on how to place emergency orders "outside VIP machine-down situations."

Dear Dealer,

We wanted to give you an update on AGCO Parts’ systems, which have been down since yesterday. This email contains updates on systems that are back up and running and provides workarounds for those that are not.

The following systems are available with full or partial functionality:

  • Partsbooks-To-Go App: Currently working for those with access to the app. 
  • D2D: The ability to view other dealers’ inventory is working. Invoicing and crediting are currently unavailable. Once the system is fully restored, we will process the information accordingly.

The remainder of AGCO Parts’ systems are still down and are expected to be down through the weekend. We are currently prioritizing the most business-critical systems to ensure continuous support to our distribution partners and farmers throughout this interruption. 

With that, we are now able to take emergency orders outside of VIP machine-down situations—Order Class 1 and Order Class 2. However, due to the ongoing systems-wide issue, there is a unique process that MUST be followed for the Class 1 and Class 2 orders to be placed/processed.

Please note:

  • Orders will be processed in the order they are received. All orders will be processed as Order Class 2 (2PM Order) regardless of when they are placed.
  • We cannot guarantee any orders placed today will be shipped out today. We will do our best to process and ship as many orders as possible today.
  • Normal fees and freight charges will apply as an Order Class 2 order.
  • Because of the temporary ordering process outlined above, drop shipping and ship-direct options are NOT available at this time.

We understand that this situation is less than ideal. Thank you again for your patience as we work to resolve this unexpected issue. We will send out another communication to let you know when systems have been restored. In the meantime, should you have any questions regarding the process outlined above, please reach out to your Field Aftersales Manager or Inside Aftersales Manager directly.

One AGCO dealer told Ag Equipment Intelligence in an email on May 7 at 9:00 a.m. that the ransomware attack is currently "an inconvenience. If it lasts a week, it will be painful."

AGCO will have a tremendous back log of orders to fill.  We can call our account managers and walk through sales issues to some extent — but they cannot access inventory either.  It is impressive how they are working together as a team to make work what they can.

Each step of progress they make, we get an email saying you can now do this by....etc.  The AGCO team members are impressive as when we have a question it gets spread to many and we receive numerous responses and follow ups.  

This AGCO dealer also stated the ransomware attack was "probably Russian terrorist[s]" and that the FBI was involved, saying, "This info came from official emails, personal emails, texts and phone calls."