
Russia-linked BlackMatter Hacked New Cooperative in Ransomware Attack




Experts say a cyberattack on a northwestern Iowa grain co-op could signal that Russian-linked groups are starting to target small farm businesses in rural America as large corporations tighten their security.

The cyberattack on New Cooperative, an agricultural services company headquartered in Fort Dodge, follows a ransomware attack on meat packaging giant JBS in late May.

JBS shut down at least one pork processing plant in Iowa as well as its nine beef plants in the United States before paying the hackers $11 million in ransom. Cybersecurity experts say Russian-backed ransomware group BlackMatter is demanding a $5.9 million ransom from New Cooperative.

New Cooperative admitted Monday that it had experienced “a cybersecurity incident” affecting some of the company's “devices and systems.” The member-owned company said it was using “every tool and resource available to quickly restore our systems.”

The cooperative said it had notified law enforcement and was working with data security experts to “investigate and remedy the situation.”

New Cooperative declined to say more on Tuesday about the attack.

Why New Cooperative was attacked

The co-op, with 60 locations primarily in northwestern and north-central Iowa, still accepts grain and provides feed to ranchers. Its website was mostly back online on Monday afternoon, providing information on cash offers for corn and soybeans.

The attack reportedly began on Friday, just as Iowa farmers began harvesting about 22.5 million acres of corn and soybeans.

“We have seen many signals that the bad guys are taking the market down,” attacking small hospitals, local governments and other targets,


Chad Hart, an agricultural economist at Iowa State University, said “size really doesn’t matter” to hackers.

“We tend to think of cyber attacks as really targeting very large companies, and JBS was a classic example of that,” Hart said. But “cybercriminals are looking for any target they think could be valuable.”

BlackMatter says on its website that it does not target critical infrastructure, although many argue that New Cooperative is essential because it provides feed for livestock. Agriculture is among the 16 critical economic sectors in the United States that President Joe Biden has told Russian President Vladimir Putin hackers should avoid.

In a Twitter exchange, believed to have taken place between the company and BlackMatter, the co-op said it was critical infrastructure “intertwined with the food supply chain.”

“If we are not able to recover very quickly, there will be a very very very public disruption of the grain, pork and chicken supply chain,” the cooperative reportedly said in the exchange. “About 40% of grain production runs on our software, and 11 million animal feeding programs depend on us.”

While New Cooperative is among the largest grain cooperatives in Iowa, Hart said that likely means 40% of their business uses their software.

“It has a good-sized footprint, but not 40%” of Iowa’s total grain production, he said. The company expanded its presence by merging with MaxYield Cooperative, a West Bend-based elevator system, in July.

The role of New Cooperative in Iowa's agriculture industry

Farmers in the state are expected to harvest nearly 2.5 billion bushels of corn and 591.2 million bushels of soybeans. Iowa is the largest corn producer and the second largest soybean producer in the country.

The cooperative is likely to provide feed for 11 million animals. Iowa is the nation’s largest pork producer, raising about 50 million pigs a year, and the nation’s largest egg producer, with 14 billion eggs from 58 million hens.

Hart said he believed New Cooperative was also selling grain to customers outside of Iowa, and that the attack could affect ranchers of cattle, chicken and other animals in Texas, Kansas and other parts of the country.

In addition to buying and selling grain, the cooperative sells seeds, fertilizers and herbicides, and provides crop advice to farmers.

New Cooperative may have prepared for a cyberattack

Doug Jacobson, a computer engineer at Iowa State University, said he believed New Cooperative was likely prepared for the possibility of an attack because it was able to continue operating, even though workers used paper tickets to write down truck weights and measured grain moisture by hand.

New Cooperative said in a statement Monday that it had “proactively taken our systems offline to contain the threat, and we can confirm that it has been successfully contained.”

Another indication is how quickly New Cooperative called on federal law enforcement to help it respond, Jacobson said.

This could reduce the hackers’ bargaining position, although groups often hold data hostage, threatening to release it to the public unless ransoms are paid.

Hamilton said New Cooperative had already negotiated the ransom to $1.9 million, based on some reports.

“You can’t anticipate what the criminals are going to do, but it might not be what they thought,” Jacobson said.


It’s not like JBS and Colonial Pipeline Co., which were hacked earlier this year: “Those were big wins,” he said.

The attack on Colonial, which paid hackers $4.4 million, sparked fuel shortages along the East Coast.



Hart said the likely impact of the attack on New Cooperative is that farmers trying to harvest their crops will be slowed down.

He said New Cooperative was lucky it wasn’t hacked weeks later when elevators across the state were likely to be hit by a corn and soybean tsunami.

Recorded Future security researcher Allan Liska told The Associated Press that the criminals demanded a ransom of $5.9 million for a decryption key to unlock the files they scrambled. He said a sample of their malware was uploaded to a research site late Friday or early Saturday.

Is BlackMatter a new version of DarkSide?

Security researchers believe BlackMatter could be a reconstructed version of the DarkSide ransomware syndicate that disrupted the Colonial Pipeline last spring and then announced its disbandment.

In a post on its dark web site, BlackMatter threatened to release 1 terabyte of data it claimed to have stolen from New Cooperative if its ransom demand was not paid by Saturday.

The cooperative, citing the ongoing investigation, declined to comment on a possible ransom or what data could have been compromised.



Colonial hackers tried to publicly distance themselves from the actual impact of the hack, Bloomberg reported, saying their operation was strictly financially motivated.

But within months, the DarkSide operation's infrastructure disappeared from the dark web, and the FBI recovered part of Colonial’s more than $4 million ransom payment.

Hamilton said it was very possible that the FBI would recover a large chunk of any ransom that New Cooperative might also pay.

“They are getting very good at it,” he said.



Donnelle Eller covers agriculture, environment and energy for the Register. Contact her at [email protected] or 515-284-8457.