BlackMatter demands $5.9 million ransom from Iowa farm cooperative

New Cooperative, an Iowa-based cooperative that operates grain storage elevators and buys crops from farmers, has been hit by a $5.9 million (£4.3 million) ransom demand after being hit by the BlackMatter group.

The BlackMatter ransomware leak page shows the gang has obtained financial documents, network information for multiple companies associated with New Cooperative, social security numbers and personal information of employees, and source code for Soil Map, a farmer technology platform, ransomware expert Allan Liska told ZDNet.

The group claims to have 1TB of data and has set a timer it says will expire at midday on 25 September. It's also demanding a $5.9 million ransom payment from New Cooperative.

"We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained," New Cooperative said in a statement to Reuters. "We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation."

On social media, there are screenshots of chat logs which appear to be between the ransomware group and New Cooperative. The farming group states that it is critical infrastructure as it is intertwined with the food supply chain in the US, and is asking why it was attacked if BlackMatter claims to not attack critical infrastructure.

“About 40% of grain production runs on our software, and 11 million animals feed schedules rely on us,” said New Cooperative, before adding that CISA would be demanding answers from the group in the next 12 hours and “we are going to have to tell them exactly what happened and why the food supply chain is disrupted”.

BlackMatter refused to back down, replying to the company that “you do not fall under the rules, everyone will only incur losses,” before saying the company should come to an agreement with them and solve everything quickly.

Don Roose, the president of US Commodities in West Des Moines, Iowa, told Reuters that the timing of the attack is making it crucial that NEW Cooperative get its systems back online as soon as it can as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across the state.

“They have got you boxed into a corner,” Roose said. “Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans.”

IT Pro has contacted New Cooperative for comment. CISA declined to comment on the story.

In June, JBS Foods paid an $11 million (£7.8 million) ransom to hackers who compromised its IT system. The meat processing company fell victim to a ransomware attack in May and was forced to suspend its systems and, in some areas, shut down production for 24 hours. The company confirmed it made the ransom payment to the attackers, totalling $11 million in Bitcoin.