Major US farm service provider New Cooperative Inc. was hit by what is most likely a ransomware attack. A leaked conversation shows the company feared the disruption could impact the US food supply.
According to DarkFeed, a deep web monitoring feed, the company was hit by the Russian-speaking ransomware group BlackMatter, linked to the notorious Darkside cyber cartel.
In what appears to be a conversation between New Cooperative Inc and the hackers, New Cooperative appeals to the threat actors, claiming the attack can lead to disruptions in the grain, pork, and chicken supply chain. DarkFeed claims that the ransom demand is $5.9 million.
The company operates grain storage elevators in the top US corn-producing state, buys crops from farmers, and sells fertilizer and other chemicals needed to grow crops. The company also owns technology platforms for farmers that provide agronomic advice on maximizing their harvests.
“About 40% of grain production runs on our software, and 11 million animals feed schedules rely on us. This will break the supply chain very shortly, and we will have to report this to our regulators and likely the public if this disruption continues,” a New Cooperative Inc spokesperson wrote in a conversation dated 19 September.
The hackers dismissed the company's claim to be a critical infrastructure business, saying ‘the critical ones mean the vital needs of a person, and you earn money.’
However, the Department of Homeland Security defines the ‘food and agriculture’ industry as a critical infrastructure sector. During a meeting between US President Joe Biden and Russian President Vladimir Putin, Biden told Putin that “critical infrastructure” companies should be off-limits to ransomware gangs.
According to John Shier, a senior security advisor at security company Sophos, the exchange between the company and the hackers is striking, since it reflects on the US stance that critical infrastructure should be 'off-limits.'
"This attack will be the first to test the new U.S. government policy on reporting attacks against critical infrastructure to CISA and the Biden administration's response to such an attack," Shier wrote in an email.
Reuters contacted several grain storage elevators operated by NEW Cooperative to find out they were still open. The company claims some of the systems are offline to contain the incident.
“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” NEW Cooperative Inc said in a statement. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”
The timing of the attack makes it crucial that New Cooperative Inc. gets its systems back online as soon as possible, as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across Iowa, Don Roose, president of US Commodities in West Des Moines, Iowa, told Reuters.
“This is a very clear attack on an organization that is part of our critical infrastructure,” Allan Liska, a senior analyst with US cybersecurity firm Recorded Future, told Reuters. “This could result in disruptions to food delivery in parts of the country.”
A year in turmoil
The last 12 months were rife with major high-profile cyberattacks on network management company SolarWinds, the Colonial Pipeline’s oil network, meat processing company JBS, and software firm Kaseya. Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.
A recent IBM report shows that an average data breach costs victims $4.24 million per incident, the highest in 17 years. By comparison, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.
The absolute ransomware nightmare began in 2019 when the Maze ransomware group introduced double extortion tactics. Recently the tactic evolved into a triple extortion phase.
Since 2019, multiple data leak sites have emerged, such as the Maze ransomware website, Happy Blog operated by Sodinokibi (REvil), Conti News, and Babuk Locker. Over 2,600 victims have been named to a data leak site since the trend began, and 740 different victims were named just in Q2 2021 alone.