
US farming group warns of supply chain chaos after ransomware attack

An Iowan agricultural group hit by a ransomware attack appears to have claimed that the impact of the attack on the US public could be worse than the Colonial Pipeline incident.



Why are we talking about a ransomware attack in the US, you may well be thinking. Because ransomware attacks happen globally, the UK agriculture industry is suffering, and it's an area we're working in with the likes of the NFU and Crimestoppers to raise awareness of such crimes.


We'll be jointly hosting an event in November about how agricultural businesses can mitigate the threats of an attack. More on that nearer the time, but if you're interested, sign up for our free core membership via the banner below.



Back to the story...


The attack has been traced to BlackMatter, a group that some believe has links to the DarkMatter outfit responsible for the days-long oil supply outage in May, which sent oil prices soaring on the east coast of America.


According to reports, it targeted New Cooperative, a major US grain producer, with a $5.9m ransom demand.


However, screenshots of the negotiations between the two parties posted on Twitter by security researchers shed some interesting light on the attack’s significance.


In one, the cooperative’s spokesperson suggests that the ransomware group has misjudged the scale of the impact a resulting supply chain outage could have.


“The impact of this attack will likely be much worse than the pipeline attack for context, and we have no way to control that given the disruption this has already caused,” they said. “I am just telling you this so you are not surprised as it does not seem like you understood who we are and what role our company plays in the food supply chain.”


The threat actors appeared unmoved, demanding the firm come up with the money.


The to-and-fro between victim and extorter has added significance given the Biden administration has made it clear to the Kremlin that 16 critical infrastructure sectors of the US economy are off-limits to cybercrime groups thought to be operating from Russia.


After a relatively quiet summer, this attack would appear to be testing those red lines.


“There is going to be a very, very public disruption to the grain, pork and chicken supply chain. About 40% of grain production runs on our software and 11 million animals' feed schedules rely on us,” the spokesperson said, according to another screenshot.


“This will break the supply chain very shortly, and we will have to report this to our regulators and likely the public if this disruption continues … CISA is going to be demanding answers from us within the next 12 hours or so and we are going to have to tell them exactly what has happened.”


Hank Schless, senior manager of security solutions at Lookout, argued that firms would need to better protect themselves in the absence of any geopolitical breakthrough.


“BlackMatter claimed that New Cooperative doesn’t reach the threshold that the President laid out. Threat actors already operate outside the bounds of the law, so why would they suddenly comply? If this is the attitude Russia-based threat actors have towards the President’s warnings, then this could be indicative of similar attacks to come,” he added.


That all sounds hugely political in parts, but the point is, ransomware attacks have a significant impact on a company's ability to trade. We're already seeing food and petrol shortages as a result of a lack of lorry drivers. We really don't need to see a supply chain further crippled by a ransomware attack like the one in Iowa on top of the problems faced by UK businesses currently.


As mentioned, we'll be working with the agriculture sector this autumn/winter. If you're interested, sign up for membership, and follow us on Twitter and LinkedIn.




Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.