Major agriculture group New Cooperative hit by ransomware attack


Agriculture group New Cooperative group was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.

Security researchers shared posts detailing the attack across social media on Monday, and while New Cooperative did not respond to multiple requests for comment on the incident from The Hill, the company confirmed the attack to Bloomberg News.

“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” the company told Bloomberg in a statement. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”

Iowa-based New Cooperative is among the larger U.S. farm cooperatives, and according to Bloomberg received a ransom demand of $5.9 million from cybercriminal group BlackMatter. 

In what are thought to be screenshots of a negotiation between a spokesperson for New Cooperative and the hackers tweeted out by security researchers, New Cooperative noted that 40 percent of the nation’s grain production runs through its software, and that the ransomware attack would “break the supply chain very shortly” if the hackers did not relent. 

A spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA), the key federal agency tasked with securing critical U.S. infrastructure, declined to comment in favor of comments from New Cooperative. 

Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, was among security professionals tracking the ransomware attack Monday, telling The Hill that it was still unclear how far-reaching the attack might be. 

“New Coop is the 51st largest farm cooperative in the US, so there may be regional disruptions in the food deliveries and the ransomware attack appears to have taken New Coop’s Soil Map offline,” Liska told The Hill. 

“What is interesting here is the invocation of CISA by New Coop in the released chats,” Liska said, pointing to messages to the hackers from New Cooperative threatening to involve the agency. “We know that the threat actor behind BlackMatter is a sniveling little coward who ran and hid after the Colonial Pipeline attack, the New Coop is likely invoking CISA for the same reason, we’ll see if it has the same impact.”

The attack comes in the wake of more than a year of escalating cyberattacks during the course of the COVID-19 pandemic, in particular ransomware attacks targeting groups critical to key U.S. supply chains.

These incidents have included ransomware attacks in May on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and on JBS USA, one of the largest meat providers. A ransomware attack on IT company Kaseya in July impacted up to 1,500 groups, while ransomware attacks on hospitals and schools during the COVID-19 pandemic have been an increasing concern. 

Both Colonial Pipeline and JBS USA chose to pay the ransom payments demanded, while Kaseya chose not to and obtained a decryption key from an undisclosed third party, with all three attacks linked to Russian-based cyber criminal groups. The Justice Department was able to recover the majority of the $4.4 million in bitcoin paid to hackers by Colonial.


Previous Washington's attack on oil and gas could backfire
Next Contaminated fuel from Orlando gas station caused $ 13,000 in damage to vehicles, motorist says