The Iowa-based farmer's feed and grain cooperative New Cooperative group was targeted by a BlackMatter ransomware attack, potentially endangering operations of an organization key to the agricultural supply chain.
The attack took place over the weekend, with the threat actors demanding a $5.9 million ransom, which will increase to $11.8 million if a ransom is not paid until September 25.
New Cooperative, which is among the largest U.S. farm cooperatives, has confirmed the cyberattack.
“NEW Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” said the company’s spokesperson.
In what appears to be screenshots of a negotiation between a spokesperson for New Cooperative and the threat actors shared by security researchers, New Cooperative noted that 40 percent of the nation’s grain production runs through its software, and that the ransomware attack would lead to food supply disruption for grain, pork and chicken.
New Cooperative also said that they would contact regulators and CISA about the ransomware attack.
BlackMatter responded by saying “Do not threaten us” and that “no one will give you decrypters for free, look for money”.
On their darknet leak site the group claims to have stolen 1GB of data, including the source code for the soilmap.com project, Android and iOS apps, R&D results, sensitive employee information, financial documents, and an exported database for the KeePass password manager.
The BlackMatter ransomware gang is thought to be a rebrand of the DarkSide ransomware that went silent after the attack that shuttered the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S.