An Iowa grain cooperative has been attacked by a Russian-linked hacker seeking a multimillion-dollar ransom, just as the state's farmers are rolling into corn and soybean fields to begin the fall harvest.
New Cooperative, a farm services business with headquarters in Fort Dodge, was targeted by a Russian-backed ransomware group called BlackMatter. Bloomberg News, citing a cybersecurity expert, said BlackMatter is demanding a $5.9 million ransom.
The attack began around Friday, the news agency reported.
The cooperative, with 60 locations mostly in northwest and north central Iowa, confirmed Monday in a statement it had "recently identified a cybersecurity incident" that is impacting some of the company’s "devices and systems."
"Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained," it said in a statement.
New Cooperative's website was mostly back online late Monday afternoon, providing cash bid information for corn and soybeans.
New Cooperative said it is using "every available tool and resource to quickly restore our systems." The cooperative said it had notified law enforcement and was working with data security experts to "investigate and remediate the situation."
The cooperative, citing the ongoing investigation, declined to comment about a possible ransom or what data might have been compromised.
In addition to buying and selling grain, the cooperative sells seeds, fertilizer and herbicides and provides crop advice. The cooperative announced in July it was merging with MaxYield Cooperative, an elevator system based in West Bend.
The harvest is mostly just beginning in northwest Iowa and other parts of the state, but farmers told Bloomberg News that grain delivery, normally a digital process, had gone old school. Workers were using paper tickets to take down truck weight and grain moisture content by hand, slowing down the process considerably, the farmers said.
Bloomberg said BlackMatter is believed to be linked to the ransomware group DarkSide, which attacked Colonial Pipeline Co. earlier this year, triggering fuel shortages along the East Coast.
The Colonial hackers attempted to publicly distance themselves from the real-world impact of the hack, Bloomberg reported, claiming their operation was strictly financially motivated. But within months, the DarkSide operation’s infrastructure disappeared from the dark web, and the FBI had clawed back a chunk of Colonial’s $4.4 million ransom payment.