Crystal Valley Cooperative becomes latest agriculture business hit with ransomware

The company released a statement on Tuesday evening, but its websites are now down.

Minnesota-based farm supply and grain marketing cooperative Crystal Valley has become the latest agriculture business hit with a ransomware attack.

The company released a statement on its website Tuesday afternoon, but the website is down as of Wednesday.

On Facebook, Crystal Valley Cooperative confirmed that it had been hit with a ransomware attack on Sunday, September 19.

"The attack has infected our computer systems and interrupted the daily operations of our company. Due to this computer breach, all systems of the Mankato-based cooperative have been shut down until they can be restored safely and securely," the company said. 

"Due to this, we are unable to accept Visa, Mastercard, and Discover cards at our cardtrols until further notice. Local cards do work. As we continue to navigate through this with the help of experts, we appreciate your patience and understanding. We will continue to update with information as it becomes available."

In messages to ZDNet, a spokesperson for the company confirmed that their phone system is also down. 

Based in Mankato, Minnesota, Crystal Valley Cooperative is a local full-service agricultural cooperative focused on helping crop farmers and livestock producers in southern Minnesota and northern Iowa. 

The Free Press in Minnesota reported that the company works with 2,500 farmers and livestock producers while employing 260 full-time workers. 

CEO Roger Kielholz told the newspaper that the company is "working diligently with our internal IT team along with multiple outside technology vendors to restore our data and return to full-service operation in a matter of days, especially now with fall harvest getting underway."

The ransomware attack is the second in the last week targeting an agriculture cooperative. Iowa-based farm service provider NEW Cooperative was hit with a ransomware attack last week. The BlackMatter ransomware group took credit for the attack and was demanding a $5.9 million ransom.

In that case, many observers noted what Kielholz mentioned in his statement: that this was a particularly bad time for a cyberattack considering this is when harvests begin to ramp up for farmers. 

Curtis Simpson, CISO at cybersecurity firm Armis, said the agriculture industry struggles with the sheer fact that every type of technology from today to decades past is part of a larger supply chain. Budgets, technical projects, cybersecurity, and business risk mitigation efforts are all impacted by the spiderweb of integrated old and new technologies, Simpson explained. 

"Older, larger organizations are often trying to catch up with technical debt across the organization while trying to keep up with acquisitions of smaller, less secure operations -- all while running a fundamentally low-margin business. The smaller operations often outsource security and technology efforts," Simpson said.

"Unfortunately, and once again, many attackers are more than aware of the potential impacts and what this may mean to the number of zeros in a potential ransom payment."

Darktrace director of strategic threats Marcus Fowler added that with two attacks on critical grain cooperatives this week so close together, all organizations in critical infrastructure, specifically the food and agriculture sector, should be on high alert. 

"If these two attacks were both conducted by BlackMatter, this could indicate a broader supply chain attack or campaign targeting the food chain, which means there may be other companies that were breached and don't know it yet or have failed to report," Fowler said. "These ransomware attacks forced both companies to take their systems offline, which could have significant and longer-term consequences. Ceasing operations could cut off feed supply for animals and, in turn, cut meat processing, dairy production, and more, creating enormous unintended consequences and potentially food scarcity nationwide."

Earlier this month, the FBI released a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains.

"Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack," the FBI said. 

The notice goes on to list multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million. 

JBS ended up paying an $11 million ransom to the REvil ransomware group after the attack caused meat shortages across the US, Australia and other countries. In November, the FBI also cited an attack on a US-based international food and agriculture business that was hit with a $40 million ransom demand from the OnePercent Group.
