FORT DODGE, Iowa — New Cooperative, an Iowa based farm and grain cooperative, announced on Sept. 20 that its systems were offline following a recent cyber security incident.
“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained. We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation,” New Cooperative said in a statement.
BlackMatter, a Russian cyber-attack group, has taken credit for the incident, and demanded $5.9 million for the financial and human resources information that it claimed it had obtained, according to wire reports.
The timing of this attack is critical for the cooperative as harvest season, especially for soybeans, will soon be in full gear.
New Cooperative, which operates throughout Iowa — the nation’s top corn producing state — provides such services as grain storage elevator operations, sells chemicals and fertilizer, and purchases grain crops from farmers.
In June, meat producer JBS USA paid approximately $11 million to end a ransomware attack that forced the company to shut down many of its processing facilities. And in May, Colonial Pipeline paid $5 million to end a cyber-attack on its systems that affected the distribution of oil and fuel to a large part of the East Coast.
“We’re yet again in the midst of a massive ransomware attack on critical infrastructure. Whether this attack will result in food shortages due to panic buying or operational downtime, like we saw in the aftermath of Colonial Pipeline, is unknown,” said Marty Edwards, vice president of operational technology security with Tenable. Tenable is a cyber risk protection company serving many large corporations.
“Despite BlackMatter having previously agreed not to target critical infrastructure, New Cooperative wasn’t spared,” Edwards added. “While CISA (U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency) defines critical infrastructure as 16 different sectors, including food and agriculture, are we really surprised that bad actors don’t follow the same guidelines as the U.S. government? If our best defense against widespread, damaging ransomware attacks on critical services is to take the word of cybercriminals, we’re in an even worse position than I thought.”
On Sept. 20, Bloomberg reported the New Cooperative incident and was contacted directly by the BlackMatter group, which stated that it did not believe New Cooperative is critical infrastructure. Bloomberg added that the group said to them that, “They will pay or have nothing.”
“We aren’t dealing with lone wolf ‘hackers’ here. And, treating them as such, we’re doing a lot more harm than good,” Edwards said. “These groups run large-scale, organized criminal operations in the digital world. They have help desks, payroll and support centers. Stopping these attacks and the cybercriminals behind them has to be a coordinated effort across the public and private sectors.”
In an earlier statement, before the Labor Day holiday, Eric Goldstein, executive assistant director for cybersecurity with CISA, said, “Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable. With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat.”
The U.S. government has set up a ransomware information website. To view, click www.stopransomware.gov.
