NEW Coop victim of cyberattack

Iowa farm cooperative hit by ransomware, systems go offline

-Messenger photo by Kelby Wingert
Fort Dodge-based NEW Cooperative was the victim of a ransomware cyber attack over the weekend. On Monday, the company released a statement saying that “out of an abundance of caution,” it had taken its systems offline and the threat had been contained. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation,” the company said.


AP Technology Writer

A ransomware attack by the BlackMatter gang forced NEW Cooperative, an association of Iowa corn and soy farmers, to take their systems offline but it said it created workarounds to receive grain and distribute feed, a person close to the business said.

Member-owned NEW Cooperative said in a statement that the attack was “successfully contained” and that it had quickly notified law enforcement. It said it took its systems offline out of “an abundance of caution” and was working with data security professionals to quickly remedy the situation. It did not specify when the ransomware was activated.

“Please know that NEW Cooperative is treating this matter with the utmost seriousness, and we are using every available tool and resource to quickly restore our systems,” the company said. “We appreciate the patience of our valued customers as we investigate this matter and work to restore functionality and will share additional information directly with our customers as we learn it.”

NEW Cooperative also said that it quickly notified law enforcement of the attack.

The attack hit just as Iowa’s corn and soy harvesting is getting underway.

Security researcher Allan Liska of Recorded Future said the criminals demanded a $5.9 million ransom for a decryptor key to unlock files they scrambled. He said a sample of their malware was uploaded to a research site either late Friday or early Saturday.

Security researchers believe BlackMatter may be a reconstituted version of the ransomware syndicate DarkSide that disrupted the Colonial Pipeline last spring then announced it was disbanding. BlackMatter claims on its darkweb site not to target critical infrastructure, though many would argue that NEW Cooperative is exactly that because it provides feed to livestock.

In a post on its darkweb site, BlackMatter threatened to publish 1 terabyte of data it claimed to have stolen from NEW Cooperative if its ransom demand was not paid by Saturday.

The person close to NEW Cooperative with knowledge of the case, speaking on condition they not be further identified, would not say whether a ransom was paid.

Based in Fort Dodge, NEW Cooperative stores and markets the grain it collects and offers feed, fertilizer, crop protection and seed, according to its LinkedIn site.

Messenger reporter Kelby Wingert contributed to this story.


Today's breaking news and more in your inbox

I'm interested in (please check all that apply)
Are you a paying subscriber to the newspaper? *

Starting at $4.62/week.

Subscribe Today