Ransomware Takes Iowa Grain Co-op Offline

Posted by
Published:
Sep 21, 2021
Reviewed by
Updated:
Jan 16, 2024
min. read
Table of Contents

The ransomware gang BlackMatter launched an attack on Iowa-based agricultural services provider NEW Cooperative which forced the company to take its operations offline. News of the attack began to circulate on Twitter on September 20, as details emerged of a $5.9 million ransom demand in exchange for the decryption key.

The BlackMatter group is thought to have organized earlier this year from former members of the DarkSide and REvil groups. The company has since confirmed the attack in a statement to the media. “In an abundance of caution, we have proactively taken our systems offline to contain the threat,” the company said, adding that it had notified law enforcement.

Latest Threat to Food Supply

News of the attack comes just weeks after the FBI issued a Private Industry Notification warning of increased ransomware attacks targeting the food and agriculture sectors. It also follows successful attacks against the global meat processing company JBS, which forced the shutdown of its processing plants in the U.S.

The FBI and other federal agencies classify food and agriculture as part of the country’s critical infrastructure. Indeed, the BlackMatter group itself claims to avoid attacking any organization that is part of a country’s critical infrastructure. But the group refused to acknowledge NEW Cooperative as critical infrastructure in negotiations with the company.

NEW Cooperative told the group that it is working with the Department of Homeland Security’s Critical and Infrastructure Security Agency, and that refusal to decrypt company servers could lead to dire consequences. “If we are not able to recover very shortly, there is going to be a … disruption in the grain, pork and chicken supply chain.”

BlackMatter claims to have exfiltrated a terabyte of NEW Cooperative data in the ransomware attack, including source code for its soilmap.com project and other sensitive company and employee data. It posted screenshots of some of this data on a private leak site. In return for the $5.9 million in ransom, BlackMatter has promised to provide a decryption key and not to leak company data.

Critical Security for Critical Infrastructure

Ransomware attacks have become all too common across all industrial sectors, from municipal water supplies to gas and oil pipelines. Most troublesome are those that target infrastructure where disruptions to service could have a disastrous impact on public safety. The brief shutdown of JBS processing plants led to shortages and price spikes.

Safeguarding industrial control systems and IT networks requires multiple layers of security, from offline encrypted backup and external storage systems to remote drive management and USB port-blocking technology. The sophistication of cyberattacks on computer networks continues to evolve. Your data security has to keep pace. SecureData can help.

Category:
Cybersecurity

Discover our secure data Solutions

Data Recovery Services

From single external hard drives, SSD’s, mobile devices to enterprise NAS, SAN, and RAID failures, we are ready to help recover from digital disasters, anywhere.

Request Help
Philip Bader

After more than a decade in Southeast Asia as a reporter and editor for magazines, newspapers, and online media organizations, Philip Bader now serves as a freelance content writer for Secure Data Recovery Services. He writes blogs and web content about data storage technology, trends in enterprise data recovery, and emerging data storage technology.

© 2024 SecureData Corporation or its affiliates. All rights reserved.