Iowa State

Iowa farm cooperative hit by ransomware, systems go offline

 10 days ago

A ransomware attack by the BlackMatter gang forced New Cooperative, an association of Iowa corn and soy farmers, to take their systems offline but it said it created workarounds to receive grain and distribute feed, a person close to the business said.

Member-owned New Cooperative said in a statement that the attack was “successfully contained” and that it had quickly notified law enforcement. It said it took its systems offline out of “an abundance of caution” and was working with data security professionals to quickly remedy the situation. It did not specify when the ransomware was activated.

The attack hit just as Iowa's corn and soy harvesting is getting under way,

Security researcher Allan Liska of Recorded Future said the criminals demanded a $5.9 million ransom for a decryptor key to unlock files they scrambled. He said a sample of their malware was uploaded to a research site either late Friday or early Saturday.

Security researchers believe BlackMatter may be a reconstituted version of the ransomware syndicate DarkSide that disrupted the Colonial Pipeline last spring then announced it was disbanding. BlackMatter claims on its darkweb site not to target critical infrastructure, though many would argue that New Cooperative is exactly that because it provides feed to livestock.

In a post on its darkweb site, BlackMatter threatened to publish 1 terabyte of data it claimed to have stolen from New Cooperative if its ransom demand was not paid by Saturday.

The person close to New Cooperative with knowledge of the case, speaking on condition they not be further identified, would not say whether a ransom was paid.

Based in Fort Dodge, Iowa, New Cooperative stores and markets the grain it collects and offers feed, fertilizer, crop protection and seed, according to its LinkedIn site.

Computer Weekly

JVCKenwood hit by Conti ransomware attack

Japan-based electronics supplier JVCKenwood has become the latest known victim in a renewed wave of Conti ransomware attacks that are spreading around the world. Details of the attack obtained by Computer Weekly’s sister title LeMagIT reveal that Conti has exfiltrated about 1.7TB of JVCKenwood’s data, including personally identifiable information (PII) on its staffers, some of which was provided to the company as proof of the attack.
dtnpf.com

Cyberattack on Iowa Cooperative Considered Terrorism

BIRMINGHAM, Ala. (DTN) -- NEW Cooperative has taken a stand against paying a ransom demand to hackers who launched a vicious cyberattack on the Iowa-based business. The group that calls itself "BlackMatter" locked the computer system of the business and threatened to start publishing stolen data if a $5.9 million ransom was not paid by Sept. 25. According to sources inside the cooperative, federal agents are now on site and consider the takeover an act of terrorism.
ZDNet

Crystal Valley Cooperative becomes latest agriculture business hit with ransomware

Minnesota-based farm supply and grain marketing cooperative Crystal Valley has become the latest agriculture business hit with a ransomware attack. The company released a statement on its website Tuesday afternoon, but the website is currently down as of Wednesday. On Facebook, Crystal Valley Cooperative confirmed that it had been hit...
Washington Post

Russian hackers deny an Iowa grain cooperative counts as 'critical'

Welcome to The Cybersecurity 202! The last time I wrote about a security incident in my home state of Iowa, everyone was angry at a company named Shadow and no one had any idea who won the caucuses. Seems like a decade ago. Below: Senators want answers about an FBI...
Axios

Russian hackers target Iowa farm co-op

Russian hackers launched a ransomware attack on an Iowa farming co-op and demanded $5.9 million to unlock the company's computer networks, per the Washington Post. Why it matters: NEW Cooperative, a member-owned alliance of soy and corn farmers consisting of over 8,000 members, was forced to go offline on Tuesday due to the cyberattack. The system is used to track food supply chains and feeding schedules for millions of chickens, hogs and cattle.
Dark Reading

New Cooperative's Ransomware Attack Underscores Threat to Food & Agriculture

Farm services provider New Cooperative recently suffered a ransomware attack that forced it to take systems offline. The attack follows months of high-level US government debate about how to address ransomware — and occurred days before US officials sanctioned the Suex cryptocurrency exchange. New Cooperative is a farmer cooperative with...
investing.com

Iowa farm services firm: systems offline due to cybersecurity incident

CHICAGO (Reuters) -Iowa-based farm services provider NEW Cooperative Inc said on Monday its systems were offline to contain a "cybersecurity" incident just as the U.S. farm belt gears up for harvest. The cooperative operates grain storage elevators in the top U.S. corn producing state, buys crops from farmers, sells fertilizer...
dtnpf.com

NEW Cooperative Latest Agribusiness Hit by Cyberattack

KANSAS CITY, Mo. (DTN) -- NEW Cooperative in Fort Dodge, Iowa, confirmed Monday it had been hit with a ransomware attack that affected the grain cooperative's operations, which include 60 elevator locations across north-central and western Iowa. Screenshots posted on Twitter show the grain cooperative was hit over the weekend...
infosecurity-magazine.com

Farming Group Warns of Supply Chain Chaos After Ransomware Attack

An Iowan agricultural group hit by ransomware over the weekend appears to have claimed that the impact of the attack on the US public could be worse than the Colonial Pipeline incident. The attack has been traced to BlackMatter, a group that some believe has links to the DarkMatter outfit...
Ames Tribune

Iowa grain cooperative target of cyberattack by Russian-linked hacker

An Iowa grain cooperative has been attacked by a Russian-linked hacker seeking a multimillion dollar ransom, just as the state's farmers are rolling into corn and soybean fields to begin the fall harvest. New Cooperative, a farm services business with headquarters in Fort Dodge, was targeted by a Russian-backed ransomware...
threatpost.com

BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom

Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks. A ransomware group believed to be the latest incarnation of the infamous DarkSide cybergang is being blamed for taking out a farmers’ cooperative online network, with extortionists demanding $5.9 million in ransom.
AGRICULTURE
Mac Observer

Grain Cooperative ‘New Cooperative Inc’ Hit with BlackMatter Ransomware Attack

Cyber gang BlackMatter has attacked Iowa-based grain cooperative New Cooperative Inc with ransomware, successfully shutting down its systems. The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future Inc. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said.
PUBLIC SAFETY
Western Iowa Today

Iowa Lottery Completes System Upgrade

(Clive, IA) — The Iowa Lottery completed a major upgrade this past weekend to a new operating system. Lottery spokesperson, Mary Neubauer, says this involves replacing all of the equipment that the lottery has in the field. Neubauer says the machines in some 24-hundred retail outlets were all changed during the upgrade. Neubauer says the new machines are faster and the new tickets they print are easier to read.
IOWA STATE
staradvertiser.com

Ransomware attack hits Honolulu payroll processor firm

About 4,500 customers of a Honolulu payroll processing company were potentially affected by a ransomware attack that exposed Social Security numbers, dates of birth, the full names of clients and bank account information. Read more. Mahalo for reading the Honolulu Star-Advertiser!. You're reading a premium story. Read the full story...
HONOLULU, HI
Southern Minnesota News

Crystal Valley computer systems infected by ransomware attack

Mankato-based Crystal Valley says a ransomware attack has infected their computer systems. The attack “severely interrupted” the daily operations, according to a company press release. The co-op is working with cyber security experts to secure their systems and will not accept major credit cards at their cardtrols until further notice....
TECHNOLOGY
Government Technology

Connecticut School System Targeted By Ransomware Hackers

(TNS) — The Stonington Public School system was targeted by a ransomware attack Wednesday. Superintendent of Schools Van Riley said the school system staff worked quickly to designate a team of technology professionals to respond to the attack as soon as they learned of it. They also engaged “third-party breach...
CONNECTICUT STATE
ABC News

ABC News

