Major agriculture group New Cooperative was hit by a ransomware attack on or around Friday, September 17, 2021, leading the group to take its systems down. The American cooperative reportedly suffered the attack due to ransomware gang BlackMatter, a Russian-linked hacking group.
New Cooperative is an agricultural group based in Iowa. According to ABC News, the association mainly deals with corn and soy farmers. The group is also concerned with storing and marketing grains, as well as offering other agriculture-related needs such as fertilizer, crop protection, feed, and seeds.
The ransomware gang in question, BlackMatter, has hit New Cooperative with a massive amount in exchange for a decryptor in order to unlock the files the gang has scrambled. It is charging the association with a $5.9 million demand, threatening to publish and release one terabyte worth of data if the ransom fails to be paid by that Saturday.
Bloomberg states that the threat comes after President Joe Biden warned Russia-based hacking groups to avoid hitting any of the 16 critical sectors of the United States.
In response to the allegation, BlackMatter said to Bloomberg News that the Iowa-based institution cannot be found in the mandate provided by President Biden, making it available for attack, saying “The volumes of their production do not correspond to the volume to call them critical,” even saying that the association only operates in one state.
On top of locking the systems and scrambling information, ZD Net revealed that there were over 650 instances where the credentials relating to New Cooperative have been compromised. These include the passwords from employees and current executives, as shared by Tammy Kahn, COO of digital identity management firm FYEO.
ABC News cites Allan Liska, a security researcher at Recorded Future saying that the screenshots or samples or the malware were uploaded by Friday night or early on Saturday morning.
With New Cooperative having control and ties to 40% of the total grain production in the whole of the United States, The Hill reports that the group fears that the ransomware attack could affect the supply chain in the country if BlackMatter continues to hold its website under hostage.
As a precaution, a representative from New Cooperative told The Hill that they have taken their systems offline in the hopes of preventing further damage and unauthorized access to the gang, as well as a means to contain the threat. As of writing, New Cooperative is positive that they have contained the malware.
Aside from containing the threat, Bloomberg reveals that it had already reached out to customers to get its feeds to animals in need. The association has also turned to using paper tickets for its grain delivery process, lengthening the overall process as relayed by farmers to the news site.