Agriculture group New Cooperative was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.
Security researchers shared posts detailing the attack across social media on Monday, and while New Cooperative did not respond to multiple requests for comment on the incident from The Hill, the company confirmed the attack to Bloomberg News.
“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” the company told Bloomberg in a statement. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
Iowa-based New Cooperative is among the larger U.S. farm cooperatives, and according to Bloomberg received a ransom demand of $5.9 million from cybercriminal group BlackMatter.
In what are thought to be screenshots of a negotiation between a spokesperson for New Cooperative and the hackers tweeted out by security researchers, New Cooperative noted that 40 percent of the nation’s grain production runs through its software, and that the ransomware attack would “break the supply chain very shortly” if the hackers did not relent.
A spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA), the key federal agency tasked with securing critical U.S. infrastructure, declined to comment in favor of comments from New Cooperative.
Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, was among security professionals tracking the ransomware attack Monday, telling The Hill that it was still unclear how far-reaching the attack might be.
“New Coop is the 51st largest farm cooperative in the US, so there may be regional disruptions in the food deliveries and the ransomware attack appears to have taken New Coop’s Soil Map offline,” Liska told The Hill.
“What is interesting here is the invocation of CISA by New Coop in the released chats,” Liska said, pointing to messages to the hackers from New Cooperative threatening to involve the agency. “We know that the threat actor behind BlackMatter is a sniveling little coward who ran and hid after the Colonial Pipeline attack, the New Coop is likely invoking CISA for the same reason, we’ll see if it has the same impact.”
The attack comes in the wake of more than a year of escalating cyberattacks during the course of the COVID-19 pandemic, in particular ransomware attacks targeting groups critical to key U.S. supply chains.
These incidents have included ransomware attacks in May on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and on JBS USA, one of the largest meat providers. A ransomware attack on IT company Kaseya in July impacted up to 1,500 groups, while ransomware attacks on hospitals and schools during the COVID-19 pandemic have been an increasing concern.
Both Colonial Pipeline and JBS USA chose to pay the ransoms demanded, while Kaseya chose not to and obtained a decryption key from an undisclosed third party. All three attacks were linked to Russian-based cybercriminal groups. The Justice Department was able to recover the majority of the $4.4 million in bitcoin paid to hackers by Colonial.