Crystal Valley Hit with Ransomware Attack; New Co-op Website Still Down
Crystal Valley, a farm supply cooperative headquartered in Mankato, Minn., has become the second agricultural co-op to be hit with a ransomware attack this month. Crystal Valley on Sept. 21 posted an alert on its website confirming that it had been targeted in an attack that infected its computer systems and “severely interrupted the daily operations of the company.”
“Crystal Valley and cyber security experts are working diligently to re-establish safe and secure operating systems, which will be back online when we are confident the issue has been resolved,” the company said. “Because of this, we are unable to accept Visa, Mastercard, and Discover at our cardtrols until further notice. Local cards do work.”
The news follows earlier reports that New Cooperative Inc., Fort Dodge, Iowa, was struck by a ransomware attack on or around Sept. 17, forcing it to shut down its computer systems as it tried to mitigate the assault (GM Sept. 24, p. 1). The BlackMatter ransomware group took credit for the attack and demanded a $5.9 million ransom by Sept. 25 in exchange for a decryptor, saying the ransom would jump to $11.9 million if the deadline was not met.
BlackMatter is believed to be linked to the ransomware group DarkSide, which attacked Colonial Pipeline Inc. earlier this year, triggering fuel shortages along the East Coast.
The Messenger, a newspaper in Fort Dodge, reported that New Cooperative would not be paying the ransom, citing a farmer close to the co-op who said the federal government was treating the ransomware attack as a terrorist attack. New Cooperative representatives did not respond to requests for more information. As of Sept. 30, New Cooperative’s website was still down.
Crystal Valley reported that it was alerted of the ransomware attack on its operations on Sept. 19. On Sept. 24, the company reported that it was accepting grain at all elevator locations, though at a slower-than-normal pace due to the use of manual hand tickets. The company said a formal notification of data-breach was being sent to every customer and company on record at Crystal Valley. No further updates were provided as of Sept. 30. The company’s website was functioning throughout the week.
“No money was stolen from Crystal Valley in the cyber-attack,” the company said on Sept. 24. “As always, Crystal Valley is fully capable of meeting any and all financial obligations. At this time, we are not aware of any data being used inappropriately, or that it was actually obtained by anyone, but we have determined that confidential data could have been viewed by an unauthorized person. Therefore, customers and business partners alike should assume that their personal information was compromised and take precautionary measures to monitor their banking accounts and financial information, along with credit reports, etc.”
Crystal Valley operates 16 locations providing agronomy, grain, energy, and feed products and services to more than 2,700 agricultural producers in southern Minnesota and northern Iowa. The company is also part of the CommoditAg e-commerce crop inputs platform (GM Aug. 31, 2018).
Bloomberg on Sept. 29 reported that House Oversight Committee Chairwoman Carolyn Maloney and Republican Rep. James Comer are seeking an FBI briefing about the agency’s delay in aiding businesses targeted by a ransomware attack this summer. The lawmakers said the FBI reportedly obtained a digital decryptor key that could have unlocked affected systems, but withheld the tool for nearly three weeks.
“Ransomware hackers have shown their willingness and ability to inflict damage on various sectors of the U.S. economy,” Maloney and Comer wrote to FBI Director Christopher Wray. “Congress must be fully informed whether the FBI’s strategy and actions are adequately and appropriately addressing this damaging trend.”
Earlier this month, the FBI released a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. “Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs,” the FBI said. “Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.”
The FBI said multiple attacks have taken place on the food and agriculture sector since last year, including a Sodinokibi/REvil ransomware attack on a U.S. bakery company; an attack on global meat processor JBS in May that ended with JBS paying an $11 million ransom; a March 2021 attack on a U.S. beverage company; a January 2021 attack on a U.S. farm that caused losses of approximately $9 million; and a November 2020 attack on a U.S.-based international food and agriculture business that was hit with a $40 million ransom demand from the OnePercent Group.
