[BreachExchange] A Second Farming Cooperative Got Shut Down by Ransomware This Week

Thu Sep 23 08:48:39 EDT 2021

https://heimdalsecurity.com/blog/farming-cooperative-shut-down-by-ransomware/

This was the second farming cooperative attack of the week, the first one
being aimed at an Iowa-based cooperative.

"Crystal Valley has been targeted in a ransomware attack. The attack has
infected the computer systems and disrupted the daily operations of the
company.

Note: due to this, we are unable to accept Visa, Mastercard, and Discover
cards at our cardtrols until further notice. Local cards do work.

As we continue to navigate through this with the help of experts, we
appreciate your patience and understanding. We will continue to update with
information as it becomes available."

Crystal Valley is a leading farm supply and grain marketing cooperative
focused on serving the needs of crop farmers and livestock producers in
southern Minnesota and northern Iowa.

Crystal Valley has recently disclosed the fact that their company was
targeted with a ransomware attack that led them to shut down IT systems,
therefore making them unable to accept any payments using Visa, Mastercard,
and Discover credit cards.

"On Sunday, September 19, Crystal Valley was alerted we had been targeted
in a ransomware attack. This attack has infected the computer systems at
Crystal Valley and severely interrupted the daily operations of the
company. Crystal Valley and cyber security experts are working diligently
to re-establish safe and secure operating systems, which will be back
online when we are confident the issue has been resolved."

At this time, it’s unclear what ransomware operation was behind this attack.

It’s important to remember as well that earlier this month, the FBI
released a notice in which it was warning the companies from the food and
agriculture sector to watch out for ransomware attacks aiming to disrupt
supply chains.

In the notice, the FBI explains that food and agriculture ransomware
attacks interrupt businesses, create financial losses, and have a
detrimental impact on the food supply chain. Small farms to big producers,
processors, and manufacturers, as well as marketplaces and restaurants, may
be affected by ransomware.

In a sector that is increasingly reliant on smart technologies, industrial
control systems, and internet-based automation systems, cyber-criminal
threat actors can now use network weaknesses in order to exfiltrate data
and encrypt systems.

It seems that the ransomware victims in the food and agriculture industry
suffer considerable financial losses as a result of ransom payments, lost
production, and cleanup expenses, alongside potentially losing intellectual
information and personally identifiable information (PII).

"The Food and Agriculture sector is among the critical infrastructure
sectors increasingly targeted by cyber-attacks. As the sector moves to
adopt more smart technologies and internet of things (IoT) processes the
attack surface increases. Larger businesses are targeted based on their
perceived ability to pay higher ransom demands, while smaller entities may
be seen as soft targets, particularly those in the earlier stages of
digitizing their processes, according to a private industry report."

Critical Infrastructure Under Attack

The attack on Crystal Valley marks the second farming cooperative attack
that happened in the past week, New Cooperative being previously targeted
by BlackMatter ransomware.

The ransomware group demanded a $5.9 million ransom in order to not leak
data and provide the company with a decryption key.

It’s interesting to note that the US government classified food and
agriculture as critical infrastructure that is vital to the United States.

"There are 16 critical infrastructure sectors whose assets, systems, and
networks, whether physical or virtual, are considered so vital to the
United States that their incapacitation or destruction would have a
debilitating effect on security, national economic security, national
public health or safety, or any combination thereof."

The Colonial Pipeline and JBS ransomware attacks made President Biden come
out and warn Putin about the fact that any critical infrastructure should
be off-limits for ransomware attacks, but unfortunately, we haven’t seen so
far any signs of cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210923/d7ca36bd/attachment.html>