Incident Details
In September 2021, New Cooperative, a prominent Iowa farming co-op, fell victim to a sophisticated ransomware attack orchestrated by the hacking group BlackMatter, linked to Russian cybercriminals. The attackers gained access to the cooperative's computer networks, which are vital for managing food supply chains and feeding schedules for millions of livestock, including chickens, hogs, and cattle. They demanded a staggering ransom of $5.9 million in cryptocurrency to unlock the compromised systems. In response to the breach, New Cooperative took swift action to contain the situation by taking its computer network offline and shutting down critical software, including its soil-mapping technology, which plays a key role in optimizing irrigation and fertilization. As a result, the cooperative resorted to using paper logs for grain hauls, disrupting operations during a critical harvest period. The hackers also threatened to publish a terabyte of sensitive data, including invoices and proprietary technology details, heightening the stakes for the cooperative and the agricultural sector at large.
Damage Assessment
Impact on Assets:
- Computer networks critical for managing food supply chains were locked by ransomware.
- Soil-mapping software, essential for optimizing irrigation and fertilization, was temporarily shut down to contain the breach.
- A terabyte of sensitive data, including invoices and proprietary technology, was threatened with publication by the hacking group.
Organizational Impact:
- Operations were significantly hindered as the cooperative took its systems offline, leading to reliance on manual processes such as paper scale tickets for grain hauls.
- The ability to handle grain shipments and feed distributions was disrupted during the incident.
- Although a specific financial cost from the attack was not disclosed, the demand for a $5.9 million ransom and potential spending on cybersecurity enhancements indicated significant financial implications.
- The incident raised concerns within the agriculture sector about the vulnerability of critical infrastructure, potentially leading to increased security investments and operational disruptions during peak harvest periods.
How It Happened
The ransomware attack on Iowa's New Cooperative could have occurred through several of the weaknesses that attackers typically exploit. The attackers, identified as the hacking group BlackMatter, likely used phishing tactics to gain initial access to the cooperative's network, manipulating employees into divulging sensitive credentials or downloading malicious software. Once inside, they could navigate the system, identify critical infrastructure, and deploy ransomware to encrypt vital data, demanding a ransom of $5.9 million in cryptocurrency.
The cooperative's reliance on interconnected digital systems, including soil-mapping technology, created potential entry points for attackers. Despite the cooperative's efforts to isolate the breach by taking its computer network offline, the initial incursion may have compromised sensitive data, including invoices and operational documents. Furthermore, the attack coincided with a heightened risk period, as the FBI had warned agriculture producers that they were being targeted. The incident underscores the need for robust cybersecurity measures in the agriculture sector to prevent such breaches, especially given the significant financial transactions and data integrity involved in food supply chains.
Response
Upon discovering the ransomware attack, New Cooperative's initial response involved promptly taking their computer network offline to contain the breach. This critical action effectively isolated the malware and prevented it from spreading further within the system.
To manage operations while mitigating the attack's impact, the cooperative developed a workaround that enabled them to continue accepting grain shipments and distributing feed. However, they also decided to shutter their soil-mapping software, a master-control system vital for optimizing irrigation and fertilization, as an additional precaution.
During this time, farmers resorted to using paper scale tickets to document their grain hauls, ensuring that operations could continue despite the cyber disruption. This strategic triage of systems helped limit the immediate operational impact while maintaining essential functions within the cooperative.
Key Takeaways
Understand the Target: Livestock managers are increasingly appealing targets for cyberattacks due to the sensitive nature of agricultural data and operations. Recognizing this vulnerability is crucial.
Implement Strong Cyber Hygiene: Regularly update software and systems, conduct vulnerability assessments, and enforce strong password policies to reduce entry points for ransomware.
Educate Employees: Train staff on recognizing phishing attempts and suspicious activities. Human error is often the weakest link in cybersecurity defenses.
Data Backups: Maintain regular backups of critical data. This ensures that in the event of a ransomware attack, operations can continue with minimal disruption.
Incident Response Plan: Develop and regularly update an incident response plan. Ensure all team members know their roles in the event of a cyber incident.
Invest in Cybersecurity Services: Partnering with experts like HackersHub can provide tailored cybersecurity solutions, proactive threat monitoring, and incident response strategies, making it easier to fend off attacks before they happen.
Continuous Monitoring: Engage in ongoing security assessments to adapt to evolving threats, ensuring that defenses are always up-to-date.