The harvest is bitter for another agricultural business that fell victim to a ransomware attack this week and its websites are now down.
Payment Systems Down Following The Ransomware Attack
Minnesota-based farm supply and grain marketing cooperative Crystal Valley was hit with ransomware this week. The company issued a statement Tuesday on its website. However, the site is currently down as of Wednesday.
Crystal Valley Cooperative took to Facebook to confirm that a ransomware attack had compromised it on Sunday, September 19.
“The attack has infected our computer systems and interrupted the daily operations of our company. Due to this computer breach, all systems of the Mankato-based cooperative have been shut down until they can be restored safely and securely,” the company said.
“Due to this, we are unable to accept Visa, Mastercard, and Discover cards at our cardtrols until further notice. Local cards do work. As we continue to navigate through this with the help of experts, we appreciate your patience and understanding. We will continue to update with information as it becomes available.”
A spokesperson went on to add that their phone system is also down.
Crystal Valley Cooperative is based in Mankato, Minnesota, and is a local full-service agricultural cooperative. It works with 2,500 farmers and livestock producers and has 260 full-time employees.
CEO Roger Kielholz stated that the company is “working diligently with our internal IT team along with multiple outside technology vendors to restore our data and return to full-service operation in a matter of days, especially now with fall harvest getting underway.”
Not The First Ransomware Attack To Target Food Suppliers
The ransomware attack on Crystal Valley comes right after another one that hit Iowa-based farm service provider NEW Cooperative last week. The BlackMatter ransomware group was behind the attack and demanded $5.9 million in ransom.
Many observers noted that this is a terrible time for a cyberattack considering this is when harvests start to ramp up.
CISO at cybersecurity firm Armis Curtis Simpson explained that the agriculture sector struggles with the fact that every kind of technology from today to decades past is part of a larger supply chain. “Budgets, technical projects, cybersecurity, and business risk mitigation efforts are all impacted by the spiderweb of integrated old and new technologies,” Simpson added.
“Older, larger organizations are often trying to catch up with technical debt across the organization while trying to keep up with acquisitions of smaller, less secure operations — all while running a fundamentally low-margin business. The smaller operations often outsource security and technology efforts,” Simpson said.
“Unfortunately, and once again, many attackers are more than aware of the potential impacts and what this may mean to the number of zeros in a potential ransom payment.”
Marcus Fowler, Darktrace director of strategic threats, added that all organizations, especially the food and agriculture industry, should be highly vigilant with two cyberattacks hitting key grain cooperatives so close together.
“If these two attacks were both conducted by BlackMatter, this could indicate a broader supply chain attack or campaign targeting the food chain, which means there may be other companies that were breached and don’t know it yet or have failed to report,” Fowler noted. “These ransomware attacks forced both companies to take their systems offline, which could have significant and longer-term consequences. Ceasing operations could cut off feed supply for animals and, in turn, cut meat processing, dairy production, and more, creating enormous unintended consequences and potentially food scarcity nationwide.”
Recently, the FBI released a notice warning organizations in the food and agriculture sector to keep an eye out for ransomware attacks seeking to disrupt supply chains.
“Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack,” the FBI said.
The notice lists several cyberattacks hitting the food and agriculture sector since November. The list includes a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March attack on a US beverage company, and a January attack on a US farm that resulted in damages of circa $9 million.
Food Suppliers – A New Hacker’s Favorite?
Bitglass CTO and co-founder Anurag Kahol said that the Crystal Valley ransomware attack confirms how common this type of attack against critical infrastructure has become.
“Unfortunately, cybercriminals are more likely to target and put up a hefty ransom for large organizations that are vital to the flow of the U.S. economy in hopes that they will hastily pay the ransom to recover their operations,” Kahol said via email.
He indicated that organizations must achieve complete visibility and control over their whole IT ecosystem to prevent such attacks. “Comprehensive security platforms such as a secure access service edge (SASE) can deliver end-to-end threat protection, while actively identifying and remediating both known and zero-day threats,” he commented. “With a multi-faceted, unified solution in place, organizations can proactively stay ahead of sophisticated threats.”
ThreatPost Crystal Valley Farm Coop Hit with Ransomware