Ransomware gang strikes Iowa agriculture business New Cooperative, the latest hack on food supply chain

Written by

The BlackMatter ransomware gang has struck an Iowa agricultural business, New Cooperative, and is demanding a $5.9 million ransom.

Several security researchers first called attention to the hack on Monday, and the company confirmed to Bloomberg that it had been hit with a cyberattack and shut down its systems in response. It’s another big hit against the agriculture industry, following the May ransomware attack on JBS by REvil, a gang that researchers said has ties to BlackMatter.

New Cooperative is a grain collective based out of Fort Dodge. In negotiations dated Sept. 19 and posted online, a person speaking on behalf of the company said the attack would cause severe problems in the food supply chain.

“We are critical infrastructure – we [sic] intertwined with the food supply chain in the US,” they wrote. “If we are not able to recover very shortly, there is going to be a very very public disruption in the grain, pork and chicken supply chain. About 40% of grain production runs on our software, and 11 million animal feed schedules rely on us.”

The negotiator for New Cooperative said that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency would be demanding answers within 12 hours, and called attention to BlackMatter’s claim that it doesn’t target critical infrastructure. BlackMatter’s negotiator answered, “You do not fall under the rules.”

The firm did not immediately respond to request for comment. CISA referred questions back to the company. The federal government has labeled “food and agriculture” as one of the nation’s critical infrastructure sectors.

Recorded Future Dmitry Smalyinets, an analyst at threat intelligence company Recorded Future, said the attack “looks bad.”

“The threat actors claimed to have stolen data related to the complete line of precision tools for guidance, steering, and controlled input usage,” he said via email.

The negotiator told BlackMatter that “The impact of this attack will likely be much worse than the pipeline attack for context,” referring to the Colonial Pipeline ransomware attack in May, which spurred a fuel panic.

Allan Liska, another analyst at Recorded Future, said he expected CISA and the U.S. Department of Agriculture would be involved in responsing to the attack.

Tonya Riley contributed reporting.