By William Turton
Iowa-based grain cooperative New Cooperative Inc. was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack.
The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said.
New Cooperative confirmed that they had been attacked and said they had contacted law enforcement and were working with data security experts to investigate and remediate the situation.
“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” according to a statement from the cooperative. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
New Cooperative has communicated with its feed customers and is working to create workarounds to get feed to animals while its systems are down, a person familiar with the matter said.
The U.S. Cybersecurity and Infrastructure Security Agency didn’t immediately respond to a request for comment. It is unclear to what extent New Cooperative’s systems have been affected. BlackMatter is believed to be linked to the ransomware group DarkSide, which attacked Colonial Pipeline Inc. earlier this year, triggering fuel shortages along on the East Coast.
BlackMatter’s hackers are native Russian speakers and their code is in Russian, Liska said.
In July, President Joe Biden presented Russian President Vladimir Putin with a list of 16 critical infrastructure sectors that should be off-limits to ransomware groups. The list included the “food and agriculture sector.”
“Certain critical infrastructures should be off-limits to attack, period, by cyber or any other means,” Biden said. “I gave them a list, 16 specific entities defined as critical infrastructure under U.S. policy, from the energy sector to water systems.”
In a message on Monday after Bloomberg published a story about the attack, BlackMatter said it didn’t believe that New Cooperative constituted critical infrastructure.
“They will pay or have nothing,” the group said.
According to a post on BlackMatter’s website, the ransomware group has stolen New Cooperative’s financial information, human resources data, research and development information and source code for its “SoilMap” product, a technology platform for agricultural producers. A message on SoilMap’s website says the product is currently unavailable.
Based in Fort Dodge, Iowa, New Cooperative has over 50 locations across the top U.S. corn-growing state and is among the larger crop buyers from its farmer members. The cooperative, which in July announced a merger with MaxYield Cooperative, also distributes fuel and crop chemicals.