New Cooperative Inc., Fort Dodge, Iowa, was struck by a ransomware attack and had to shut down its computer systems as it tried to mitigate the assault, according to Bloomberg. The attack occurred on or around Friday, Sept. 17, according to Allan Liska, Senior Threat Analyst at the cybersecurity firm Recorded Future Inc. He said the ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom.
New Cooperative confirmed that they had been attacked and said they had contacted law enforcement and were working with data security experts to investigate and remediate the situation.
“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” according to a statement from the cooperative. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
New Cooperative has communicated with its feed customers and is working to create workarounds to get feed to animals while its systems are down, a person familiar with the matter said. Farmers told Bloomberg that grain delivery, normally a digital process, has gone old school. Workers are using paper tickets to take down truck weight and grain moisture content by hand, slowing down the process considerably.
Agriculture Secretary Tom Vilsack urged U.S. agricultural cooperatives to “harden” defenses against cyber-attacks after the New Cooperative attack. “We want to make sure during this harvest that we don’t have any additional disruptions as a result of systems being hacked,” he said Sept. 22 in a speech to the National Association of State Departments of Agriculture’s annual meeting.
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation “are in close contact with New Cooperative and have offered assistance in supporting the company’s response and recovery,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein. “The company is engaging proactively with CISA as the investigation progresses.”
It is unclear to what extent New Cooperative’s systems have been affected. BlackMatter is believed to be linked to the ransomware group DarkSide, which attacked Colonial Pipeline Inc. earlier this year, triggering fuel shortages along on the East Coast.
According to a post on BlackMatter’s website, the ransomware group has stolen New Cooperative’s financial information, human resources data, research and development information, and source code for its “SoilMap” product, a technology platform for agricultural producers. A message on SoilMap’s website said the product is currently unavailable. The cooperative disabled the platform as a precautionary measure to protect customers from hackers, according to Dow Jones, which also saidBlackMatter claimed to have stolen 1,000 gigabytes of information and gave the cooperative until Sept. 25 to pay the ransom.
In July, President Joe Biden presented Russian President Vladimir Putin with a list of 16 critical infrastructure sectors that should be off-limits to ransomware groups. The list included the “food and agriculture sector.”
BlackMatter sent a message to Bloomberg saying it didn’t believe that New Cooperative constituted critical infrastructure. “The volumes of their production do not correspond to the volume to call them critical,” said BlackMatter. “We don’t see any critical areas of activity. Also this company only works in one state. They will pay or have nothing.”
New Cooperative has over 60 locations in Iowa offering grain, agronomy, energy, and feed products and services. It merged with MaxYield Cooperative, West Bend, Iowa, in August (GM July 9, p. 1).