New Cooperatives Ransomware Attack Underscores Threat to Food & Agriculture

The Iowa grain cooperative took its systems offline in response to a security incident earlier this week.

Farm services provider New Cooperative recently suffered a ransomware attack that forced it to take systems offline. The attack follows months of high-level US government debate about how to address ransomware — and occurred days before US officials sanctioned the Suex cryptocurrency exchange.
New Cooperative is a farmer cooperative with 60 operating locations across north, central, and western Iowa. In addition to providing grain, the organization also offers feed, fertilizer, crop protection, and seed resources. The attack struck late last week, just as the US farming sector is preparing for harvest, and the group reportedly behind the attack demanded $5.9 million.
In response, the cooperative says it has reached out to law enforcement and have brought on data security experts to investigate and remediate the attack.
New Cooperative recently identified a cybersecurity incident that is impacting some of our companys devices and systems, officials say in a statement. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.
The attack is connected to BlackMatter, an attack group that said in a statement on its website that it had stolen New Cooperative data. It claims to have taken financial information, human resources data, research and development data, and source code for New Cooperatives SoilMap product, according to a Bloomberg
report
.
BlackMatter is believed to be connected with ransomware-as-a-service (RaaS) group DarkSide, an affiliate of which targeted Colonial Pipeline in a major ransomware attack
earlier this year
. When the newer group appeared in July, after DarkSide shut down its infrastructure and removed its members from criminal websites, it claimed to use the best tools from DarkSide and REvil.
Sophos research shows
that while factors suggest a connection between BlackMatter and DarkSide, this is not simply a rebranding from one to another, says researcher Mark Loman.
In the hands of an experienced attacker, this ransomware can cause a lot of damage without triggering many alarms, he writes in a blog post.
Its becoming increasingly common for ransomware groups to disband and regroup under a different alias as a brighter spotlight shines on ransomware campaigns as a global problem, says Hank Schless, senior manager of security solutions at Lookout.
These ransomware groups figure out repeatable models so it would make sense that the tactics of an offshoot group are very similar to those of the original organization, he says. There may nuanced changes to avoid immediate detection under the new group name.
Will The Biden Administration Act?
President Biden met with Russian President Vladimir Putin earlier this year and, as part of that conversation, presented a list of industries that constitute critical infrastructure in the US. If the entities, which included food and agriculture companies, were to be targeted by Russian cybercriminals, it would be considered a serious national security threat. Critical infrastructure also includes the chemical sector, emergency services, energy, critical manufacturing, water, and healthcare.
Certain critical infrastructures should be off-limits to attack, period, by cyber or any other means,
Biden said
after the meeting.
BlackMatter is made up of Russian-speaking attackers who code in Russian. The groups blog says it doesnt conduct attacks on organizations in industries that include healthcare, critical infrastructure, oil and gas, defense, nonprofits, and government, Recorded Future
reports
.
While the US government considers food and agriculture a critical sector, BlackMatter does not, in this case, stating that New Cooperatives production volumes do not correspond to the volume to call them critical, according to its Dark Web page, Bloomberg
reports
.
This attack basically dismisses Bidens directive, but its hardly a surprise to see a group pushback, expert say. Criminals, after all, are expected to lie, steal, and act in their own self-interest. They have a strong incentive to convince law enforcement that they didnt violate a rule.
To me, this sounds like a mix of BlackMatter playing dumb, trolling the mandate, and showing that they may continue to target smaller groups that fall within the critical infrastructure sectors, Schless says. It feels like an athlete committing a foul, then putting their hands up as if they didnt do anything wrong. The justification that New Cooperative didnt operate on a large enough scale to fall within the boundaries of Bidens mandate just doesnt make sense.
It remains to be seen whether the US acts in response to this latest attack. Its one thing to communicate the parameters of a rule; its another to impose and enforce consequences. If officials dont take action in response to this, it may communicate to attackers that there is no punishment for targeting critical infrastructure, which could invite future attacks.
Designating critical infrastructure attacks as a national security threat is only one step the Biden administration has taken against ransomware groups. News of this attack arrived days before the US Treasury Department sanctioned the Suex cryptocurrency exchange
for its role
in facilitating transactions for ransomware attackers. Its the first time a digital currency exchange has been sanctioned.
Security Challenges in the Food Supply Chain
The food and agriculture sector struggles with the fact that both modern and decades-old technology exists in each individual operation, and even more so in the larger supply chain. Budgets, technical projects, cybersecurity, and business risk mitigation efforts are all affected.
Older, larger organizations are often trying to catch up with technical debt across the organization, while trying to keep up with acquisitions of smaller, less secure operations — all while running a fundamentally low-margin business, says Armis CISO Curtis Simpson. He notes smaller operations often outsource their security and technology efforts, with varied results.
Organizations in this sector have a large and complex attack surface and a critical role in food production and distribution, which drives the challenge of remaining safe and operational. The public relies on these businesses to not only supply sufficient amounts of food but to ensure the safety of that supply. Any cyberattack that calls this into question can interfere with trust.
When we couple the complexity of the food and agriculture industry with the real-world impact these organizations have on the public on a daily basis, says Illumio co-founder and CEO Andrew Rubin, it makes them a valuable potential target for cyberattacks, and more specifically ransomware.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
New Cooperatives Ransomware Attack Underscores Threat to Food & Agriculture