Grain Cooperative Ransomware Attack Could Prompt Food Shortages

The BlackMatter ransomware group’s attack on an Iowa grain cooperative could lead to food shortages in the coming weeks and months.

That’s according to Curtis Simpson, Armis‘ CISO. The BlackMatter ransomware group is demanding $5.9 million from New Cooperative not to leak stolen data and provide a decryptor. New Cooperative is a farmer’s feed and grain cooperative with more than 60 locations throughout Iowa.

BlackMatter said the ransom will increase to $11.8 million if the company doesn’t pay within five days.

Armis’ Curtis Simpson

“Like with other supply chains, one attack on an element of the food and agriculture supply chain fundamentally has a downstream impact on consuming businesses and consumers,” Simpson said. “Your favorite dish at a nearby restaurant or cut of meat at the butcher counter may simply be unavailable for some time or, much, much more expensive if it remains or becomes available again in the future.”

Product shortages as a whole can and have recently resulted in rushes by consumers to buy what they can of a product experiencing shortage issues before it’s no longer available, he said. This further exacerbates the overall supply challenges and raises prices for everyone across the board.

“The food and agriculture industry is heavily reliant upon connected machinery to power key aspects of the business,” Simpson said. “These connected machines are growing targets for bad actors due to most companies’ limited visibility into risks and threats impacting these assets, their overall level of exposure to attacks (including through the exploitation of connected machines), and the high likelihood of being paid a ransom if the attack even approaches let alone impacts machine-driven operations.”

Coop Attack Could Severely Impact Small Operations

Small operations enable much of the food and agriculture supply chain, Simpson said. The pandemic already strained some of these operations. And this attack could “simply knock them out of business for good.”

“Once again, as this happens, downstream operations ranging from food service providers, to restaurants to hospitals and consumers will all have issues sourcing products, he said.

John Shier is senior security adviser at Sophos. He said BlackMatter’s impact on the grain cooperative could be far reaching given the company’s role in the agricultural supply chain and the fact that it’s harvest season now.

Sophos’ John Shier

“According to the company, 40% of U.S. grain production runs through their software, which could impact feed schedules and therefore the end products down the line,” he said.

It’s always a good idea to avoid a ransomware payment whenever possible, Shier said. However, the decision to pay or not has been and always will be unique to every attack.

“Not knowing the specifics of this attack and New Cooperative’s preparedness makes it impossible to answer,” he said.

It’s difficult to determine what the ultimate outcome will be, Shier said. That’s especially since “most of us don’t fully understand the complexity of this supply chain.”

“If New Cooperative has a ransomware recovery plan, this could be a non-event,” he said. “If they don’t, it could have a massive impact. Without further details, anything we say is pure speculation.”

Trickle-Down Impact

Tim Grelling is director of innovation and security at Core BTS. He said the most significant aspect of this attack is the impact to the organization and related entities.

All organizations hit with ransomware face some cost associated with recovery and restoration of business, he said.

CoreBTS’ Tim Grelling

“But attacks on organizations in the supply chain have a trickle-down impact on other organizations and potentially the economy, Grelling said.

He’s not surprised by anyone being targeted by ransomware.

“The ongoing discussions about this attack and if they are critical infrastructure or not is fascinating to me,” Grelling said. “I know that the president specifically called out 16 industries/sectors as off-limits. But that doesn’t give organizations in those sectors immunity from attacks. They still have to do their due diligence as related to security.”

This impact of this attack depends on how long it takes the coop to resume regular business functions, he said.

“Everyone is a potential target,” Grelling said. “It doesn’t matter if your organization has critical infrastructure or not. Everyone must manage their business risks related to ransomware and have adequate protection, detection and recovery capabilities to minimize business impact related to ransomware and other attacks.”