But the cooperative took its computer network offline to isolate the incursion, the person said, and shuttered its soil-mapping software — a master-control system that optimizes irrigation and fertilization — as a precaution.
Farmers, meanwhile, have taken to using paper scale tickets to log their grain hauls as they drop them off at the cooperative, said Tim Luginsland, Wells Fargo’s food and agribusiness sector manager.
The hacking group BlackMatter threatened to publish a terabyte of the cooperative’s data, including invoices, research and development documents, and the source code to its soil-mapping technology, if it did not receive the ransom payment in cryptocurrency by Sept. 25, said cybersecurity experts who evaluated the attack.
On Sept. 3, the FBI warned that agriculture producers were being targeted by cybercriminals. In June, another Russian cybercrime cell, REvil, carried out a ransomware attack on JBS, the world’s largest meat producer. The company, which operates in the United States, Brazil, Canada and Australia, eventually paid an $11 million ransom. Should the New Cooperative hack be seen as a success, national security experts worry it could lead to more attacks on agriculture producers, especially cooperatives.
“Huge amounts of money move with the transfer of agricultural commodities — many, many millions of dollars are transferred back and forth,” said Bobby J. Martens, the Iowa Institute of Cooperatives endowed professor of economics at Iowa State University. “The bad guys are going to see those transfers. There’s a tremendous amount of money that exchanges hands in this area.”
The size of the hack — New Cooperative represents only a small portion of Iowa’s fall harvest — and the cooperative’s workaround limited the market impact of the breach, Luginsland said. But such threats may require significant security upgrades, the cost of which could be passed on to consumers.
“This event wasn’t long enough to cause a change in the commodity price, but certainly it will have ramifications in terms of the food supply system,” he said. “If they do it to this company, they could do it to one of the majors. They can block the food chain. They attacked in the heartland of all agriculture. It’s a new form of terrorism.”
Cybersecurity researchers say BlackMatter appears to be a reconstitution of the notorious group DarkSide, another Russian cell that disbanded after the Colonial Pipeline breach in May. That ransomware attack disrupted fuel service for six days to large swaths of the East Coast, and Colonial officials eventually paid a $4.4 million ransom for a decryption key.
Though federal law enforcement officials were able to claw back a portion of the ransom and sideline much of DarkSide’s infrastructure, experts had cautioned that the hackers would probably reemerge.
The Biden administration has pressured its Russian counterparts to take a more aggressive stance against cybercriminals who use former Soviet states as a home base. It also is moving to cut off the flow of money by sanctioning cryptocurrency exchanges that facilitate the illicit payments to hackers.
New Cooperative officials sought to negotiate with hackers Monday for the group to release the company’s data without a payment. A company official in a chat transcript circulating among computer researchers told a representative from the hacking group that the cooperative should not be targeted because it was “critical infrastructure.” BlackMatter on its dark-web site says it does not target infrastructure such as hospitals, pipelines and power plants.
In an exchange with the hackers, New Cooperative claimed the hack threatened to affect the software controlling 40 percent of the nation’s grain production, as well as the feed schedule of 11 million animals.
The U.S. Department of Homeland Security has identified 16 critical infrastructure industries to which it devotes additional protective resources. The food and agriculture sector is among those critical industries, but its cybersecurity does not receive specific attention.
“In other words,” Martens said, “these attackers aren’t breaking [their own] rules of critical infrastructure.”
Agriculture industry experts are less alarmed about the effects of this one attack than they are of the long-term ramifications.
“I think we’ll see some small ripples,” Chad Hart, an Iowa State University agricultural economist, said about the hack, “but not necessarily because New Cooperative is so large. It’s because the whole grain-handling system is wondering if that will happen to them. Who will be the next to be hit?”
Hart said New Cooperative’s grinding to a halt will be big for Central Iowa but relatively small in terms of grain flow nationwide.
“The greater challenge is, it gums things up right as crop harvest is beginning here in Iowa,” he said. “That’s going to be the challenge, that one of the sizable co-ops is wrestling with the supply chain at the beginning of the busiest time of year.”
Ellen Nakashima, Craig Timberg, Gerrit De Vynck and Rachel Lerman contributed to this report.