The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Ransomware Attacks on Agriculture Industry Increase

by Chris Brook on Monday September 27, 2021

Contact Us
Free Demo
Chat

Two attacks on farming co-ops in the midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch .

Just as federal officials warned earlier this month, the last few weeks have seen an uptick in attackers actively targeting organizations in the agriculture sector, entities critical to the US food supply chain.

Last week a Minnesota-based farm supply and grain marketing cooperative said a ransomware attack forced some of its operating systems offline. The company, Crystal Valley, which provides grain, feed, gas, and crop protection products to farmers in and around Minnesota and Iowa disclosed in an update to its website that it had been hit by a ransomware attack.

"On Sunday, September 19, Crystal Valley was alerted we had been targeted in a ransomware attack. This attack has infected the computer systems at Crystal Valley and severely interrupted the daily operations of the company," the company posted in a statement.

The attack left the organization without a way to accept major credit cards and unable to mix fertilizer or fulfill orders for livestock feed, according to Reuters, which spoke to a farmer that uses Crystal Valley.

The company said on Friday that it was back to taking grain at its elevator locations but that it was doing manual hand tickets suggesting its systems were still offline. The company also said that because attackers had access to its systems, customers and business partners may have had their confidential data viewed and that it was planning on sending out data breach notifications soon.

News of the attack only came a few days after New Cooperative Inc, a member owned agricultural cooperative in Iowa, made headlines following a ransomware attack of their own.

In that attack the Russian ransomware group BlackMatter reportedly asked the coop for $5.9 million. A screenshot, purportedly between of a conversation between the organization and the attackers, circulated on Twitter last week in which New Cooperative pointed out it was critical infrastructure - a sector the group claims it doesn't attack.

The attackers saw things differently: "You do not fall under the rules, everyone will only incur losses, everything is tied to the commerce, the critical ones mean the vital needs of a person, and you earn money."

In the exchange New Cooperative claims its software controls 40 percent of the nation’s grain production and the feed schedule of 11 million animals.

BlackMatter sought to publish the co-op’s data, including its invoices, research and development documents, and the source code to SOILMAP, soil-mapping technology New Cooperative oversees.

To mitigate the attack, the co-op developed a workaround to continue accepting grain shipments and distributing feed, according to the Washington Post. While the organization took its network (and SOILMAP) offline following the attack, it appears it’s still feeling the effects of the hack; their website, newcoop.com and soilmap.com were both still unreachable on Monday.

Earlier this month the Federal Bureau of Investigation warned of increased attacks on the food and agriculture sector.

"As the sector moves to adopt more smart technologies and internet of things (IoT) processes the attack surface increases. Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes," the FBI said in a TLP: White Private Industry Notification.

The agency went on to highlight attacks, including one that shuttered a bakery for a week and caused them to lose access to their files and applications and another that cost one farm approximately $9 million.

Tags: Ransomware

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.