The co-operative operates grain storage elevators in the top U.S. corn-producing state, buys crops from farmers, sells fertilizer and other chemicals needed to grow crops and owns technology platforms for farmers that provide agronomic advice on the way to maximize their harvests.
“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” NEW Cooperative Inc. said in a statement. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”
Several grain storage elevators operated by NEW Cooperative contacted by Reuters were open.
The timing of the attack is making it crucial that NEW gets its systems back online as soon as possible as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across Iowa, said Don Roose, president of U.S. Commodities in West Des Moines, Iowa.
“They have got you boxed into a corner,” Roose said. “Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans.”
Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp., the Colonial Pipeline’s oil network, meat-processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.
A spokesperson for the U.S. Cybersecurity and Infrastructure Security Agency declined to comment on the incident at NEW Cooperative.
The Federal Bureau of Investigation did not immediately respond to a request for comment.
“This is a very clear attack on an organization that is part of our critical infrastructure,” said Allan Liska, a senior analyst with U.S. cybersecurity firm Recorded Future. “This could result in disruptions to food delivery in parts of the country.”
A Russian-speaking cybercriminal group named BlackMatter said on its website it had recently stolen data from NEW Cooperative.
BlackMatter is known for using ransomware to threaten its victims with data leaks, often extorting them for a crypto currency payment.
The claim follows a July meeting between U.S. President Joe Biden and Russian President Vladimir Putin, where Biden reportedly told Putin that “critical infrastructure” companies should be off limits to ransomware gangs.
Cybersecurity experts and federal prosecutors say ransomware groups often operate from Russia or Ukraine. The “food and agriculture” industry is publicly defined as a critical infrastructure sector by the Department of Homeland Security.