Major agriculture group New Cooperative hit by ransomware attack

Agriculture group New Cooperative was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.

A spokesperson for New Cooperative confirmed the attack to The Hill on Monday, noting in a statement that the company “recently identified a cybersecurity incident that is impacting some of our company’s devices and systems.”

“Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” the spokesperson said. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”

Iowa-based New Cooperative is among the larger U.S. farm cooperatives and, according to Bloomberg News, received a ransom demand of $5.9 million from cybercriminal group BlackMatter.

“Please know that NEW Cooperative is treating this matter with the utmost seriousness, and we are using every available tool and resource to quickly restore our systems,” the company spokesperson told The Hill. “We appreciate the patience of our valued customers as we investigate this matter and work to restore functionality and will share additional information directly with our customers as we learn it.”

In what are thought to be screenshots of a negotiation between a spokesperson for New Cooperative and the hackers tweeted out by security researchers, New Cooperative noted that 40 percent of the nation’s grain production runs through its software, and that the ransomware attack would “break the supply chain very shortly” if the hackers did not relent. 

A spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA), the key federal agency tasked with securing critical U.S. infrastructure, declined to comment, deferring to comments from New Cooperative.

Allan Liska, a senior intelligence analyst at cybersecurity group Recorded Future, was among security professionals tracking the ransomware attack Monday, telling The Hill that it was still unclear how far-reaching the attack might be. 

“New Coop is the 51st largest farm cooperative in the US, so there may be regional disruptions in the food deliveries and the ransomware attack appears to have taken New Coop’s Soil Map offline,” Liska told The Hill. 

“What is interesting here is the invocation of CISA by New Coop in the released chats,” Liska said, pointing to messages to the hackers from New Cooperative threatening to involve the agency. “We know that the threat actor behind BlackMatter is a sniveling little coward who ran and hid after the Colonial Pipeline attack, the New Coop is likely invoking CISA for the same reason, we’ll see if it has the same impact.”

The attack comes in the wake of more than a year of escalating cyberattacks during the course of the COVID-19 pandemic, in particular ransomware attacks targeting groups critical to key U.S. supply chains.

These incidents have included ransomware attacks in May on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and on JBS USA, one of the largest meat providers. A ransomware attack on IT company Kaseya in July impacted up to 1,500 groups, while ransomware attacks on hospitals and schools during the COVID-19 pandemic have been an increasing concern. 

Both Colonial Pipeline and JBS USA chose to pay the ransoms demanded, while Kaseya chose not to and obtained a decryption key from an undisclosed third party. All three attacks were linked to Russian-based cybercriminal groups. The Justice Department was able to recover the majority of the $4.4 million in bitcoin paid to hackers by Colonial.

-Updated at 7:20 p.m.