Iowa farm cooperative hit by ransomware, systems go offline

A ransomware attack by the BlackMatter gang forced New Cooperative, an association of Iowa corn and soy farmers, to take their systems offline but it said it created workarounds to receive grain and distribute feed, a person close to the business said.

Member-owned New Cooperative said in a statement that the attack was “successfully contained” and that it had quickly notified law enforcement. It said it took its systems offline out of “an abundance of caution” and was working with data security professionals to quickly remedy the situation. It did not specify when the ransomware was activated.

The attack hit just as Iowa’s corn and soy harvesting is getting under way,

Security researcher Allan Liska of Recorded Future said the criminals demanded a $5.9 million ransom for a decryptor key to unlock files they scrambled. He said a sample of their malware was uploaded to a research site either late Friday or early Saturday.

Security researchers believe BlackMatter may be a reconstituted version of the ransomware syndicate DarkSide that disrupted the Colonial Pipeline last spring then announced it was disbanding. BlackMatter claims on its darkweb site not to target critical infrastructure, though many would argue that New Cooperative is exactly that because it provides feed to livestock.

In a post on its darkweb site, BlackMatter threatened to publish 1 terabyte of data it claimed to have stolen from New Cooperative if its ransom demand was not paid by Saturday.

The person close to New Cooperative with knowledge of the case, speaking on condition they not be further identified, would not say whether a ransom was paid.

Based in Fort Dodge, Iowa, New Cooperative stores and markets the grain it collects and offers feed, fertilizer, crop protection and seed, according to its LinkedIn site.