New Cooperative — an Iowa-based farm service provider — has been hit with a ransomware attack, continuing a streak of incidents affecting agricultural companies this year.
The company did not respond to requests for comment, but confirmed to Bloomberg News that it was suffering from a “cybersecurity incident” that impacted some of its devices and systems. They told Bloomberg reporters that they took systems offline to “contain the threat.”
Ransomware expert Allan Liska shared screenshots of the BlackMatter ransomware leak page with ZDNet, showing the group had troves of financial documents, network information for multiple companies involved with New Cooperative, the social security numbers and personal information for employees, R&D files and the source code for a farmer technology platform called Soil Map.
The ransomware group claims to have 1,000 GB of data and has set a timer that they say expires at noon on September 25.
Liska confirmed that other documents show BlackMatter is demanding a $5.9 million ransom.
On social media, multiple security researchers leaked chats between negotiators for New Cooperative and BlackMatter operators. Representatives for New Cooperative repeatedly say they are part of the much-discussed “16 critical sectors” that US President Joe Biden said were off limits to ransomware actors in conversations with Russian President Vladimir Putin.
In addition to saying they were part of the country’s critical infrastructure, they noted that there will be “public disruption” to the grain, pork and chicken supply chain if they are not back up and running.
The BlackMatter threat actors refuse to back down, saying only financial losses will be incurred from the attack. The chats also show that New Cooperative said they will have no choice but to contact CISA if they are not back up and running within the next 12 hours.
CISA did not respond to requests for comment, but the company told multiple outlets that law enforcement had already been contacted.
Reuters reported that the cooperative is involved in a variety of aspects of the grain business, including running grain storage elevators, selling fertilizer, buying from farmers and providing technology to farmers.
Don Roose, president of US Commodities in West Des Moines, Iowa, told the outlet that this was an especially important week for farmers because this is when harvests begin to ramp up, particularly for crops like soybeans. New Cooperative said it is working with its customers to get grain to animals while they try to restore their systems, according to Bloomberg.
Despite the warnings from the White House, ransomware groups have not stopped their attacks on the agriculture industry. Earlier this month the FBI released a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains.
“Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack,” the FBI said.
The notice goes on to list multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million.
JBS ended up paying an $11 million ransom to the REvil ransomware group after the attack caused meat shortages across the US, Australia and other countries. In November, the FBI also cited an attack on a US-based international food and agriculture business that was hit with a $40 million ransom demand from the OnePercent Group. The company was able to recover from backups and did not pay the ransom.
Former CIA cyber official Marcus Fowler told ZDNet that the attack on New Cooperative is the fourth crippling and high-profile attack on US critical infrastructure in recent months.
Fowler noted that while the Biden Administration can aspire for certain sectors to be off-limits from hackers, significant parts of the US’ infrastructure and businesses are interconnected, making it nearly impossible to separate critical from non-critical industries.
“What’s more, if BlackMatter truly is DarkSide 2.0, then this is evidence that the President’s talks and warnings have had little impact. Based on the details currently available, there are striking parallels between this attack and the recent campaigns against Colonial Pipeline and JBS,” said Fowler, who is now director of strategic threat at cyber firm Darktrace.
“Just like in these instances, New Cooperative took their operational technology (OT) systems offline as a precautionary measure to an IT side attack. We still need to get better at securing OT.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
