Retailers Discuss Challenges Posed by COVID, Ransomware Attacks

The long-term impact of COVID-19 on ag retailers was the subject of a Dec. 2 panel discussion at the Agricultural Retailers Association’s (ARA) 2021 Conference and Expo in San Antonio, Texas. Matt Carstens, President and CEO of Landus Cooperative in Ames, Iowa, said Landus immediately shut its corporate office in the early days of the pandemic, and also instituted work-from-home and contactless delivery policies.

“And we had our best spring season ever,” he said, noting that the company gained an average of three more productive hours per day with employees working from home. As a result, he said Landus has now reduced its in-office staff to roughly 15 from a pre-pandemic roster of 70-80. A poll of Landus employees found that 92 percent were either neutral or positive about working from home, he said.

Clay Houchin, CEO of Buttonwillow Warehouse Co. in Buttonwillow, Calif., said his company gave employees the option of working at home and “bought a lot of plexiglass” for those who opted to stay in the office. He said navigating the policy was a challenge, but above all, the company “wanted employees to feel safe.”

He said a particular challenge was dealing with a politically polarized workforce. “This issue was right in the workplace, fed by social media,” he said. “It was dangerous how divisive an issue can be.” Carstens agreed. “The smartest thing we did was to force everyone to play by the same rules,” he said.

A separate presentation at the conference provided a detailed look at how an agricultural cooperative responded to a recent ransomware attack. Brad Brown, Assistant General Manager at Augusta Cooperative Farm Bureau Inc. in Staunton, Va., said his company was hit on July 15, 2021, at 4:00 p.m. with an attack from a group known as Suncrypt. He estimates that Suncrypt gained access to Augusta’s system roughly 13 hours before contact was made, likely through a phishing email.

While staff immediately shut down Augusta’s 85 computers, which had all simultaneously gone to white screens, two printers began spitting out ransom notes notifying the company that it had been hacked and to await further instructions. He said staff were also “bombarded” by calls from hacked phones within the company.

Brown said Augusta immediately called its banking partners, along with all stores and store managers, and pulled in local IT experts that included a forensics team, a privacy attorney, and a negotiator. Also on the team was Mike Moore, Executive VP of EFC Systems, which helps restore data and provides tech security.

Brown said all of the company’s computers were wiped by 10:00 p.m. that same day. About two-and-a-half days after the attack, a negotiator with Suncrypt initiated contact and demanded $500,000 in ransom, via bitcoin.

By this time, Brown said Augusta was aware that the attack had hit its HR and controller systems, but the company’s customer data was secure. Augusta also had a sound backup system, which allowed its tech infrastructure to be fully operational is less than a week.

Brown said Augusta decided nothing would be gained by paying the ransom, but the company’s negotiators engaged in delay tactics with Suncrypt, and the ransom demand fell from $500,000 to $33,000 over a two week period. The last contact with Suncrypt was on Aug. 14, nearly a month after the attack. No ransom was ever paid.

Brown and Moore said many lessons were learned from the incident. Augusta was forced to go to hand tickets while its systems were down, which Brown said was “a huge learning process.” The attack also prompted a “massive rebuild” of the company’s IT security. While Augusta’s insurance provider covered software investments to rebuild, Brown said the policy would only pay out a total of $10,000 in ransom.

“In the ag industry, less than one percent of the annual budget is typically spent on tech and tech-related issues,” Moore said. As cyber-attacks grow in number and complexity, and target smaller, unlikely companies such as Augusta, Moore said ag companies “will be obligated to pay more for tech security going forward.”

New Cooperative Inc., Fort Dodge, Iowa, with struck by a ransomware attack on or around Sept. 17 (GM Sept. 24, p. 1), and Crystal Valley, a farm supply cooperative headquartered in Mankato, Minn., posted an alert on its website on Sept. 21 (GM Oct. 1, p. 1) confirming that it had been targeted in an attack that infected its computer systems and “severely interrupted the daily operations of the company.”