MANKATO, MINNESOTA, US — For the second time this week, a midwestern agricultural cooperative in the United States has been forced to take its systems offline due to a ransomware cyberattack.
Crystal Valley Cooperative, which operates eight grain elevators in Minnesota with a total storage capacity of 25 million bushels, said it became aware of the attack on Sept. 19. That was the same day that New Cooperative, a farm service business with facilities located mostly in northwest and north central Iowa, was targeted by a ransomware group.
“This attack has infected the computer systems at Crystal Valley and severely interrupted the daily operations of the company,” the Crystal Valley officials said. “Because of this, we are unable to accept Visa, Mastercard and Discover at our cardtrols (a device allowing access to a fuel dealer’s unattended pump) until further notice. Local cards do work.”
Crystal Valley said it was working with cybersecurity experts to re-establish safe and secure operating systems, which will be back online “when we are confident the issue has been resolved.”
Ransomware involves threats to release private information or to block access to critical files unless a ransom is paid to the cybercriminals. In the case of the cyberattack targeting New Cooperative, a Russian-backed Ransomware group called BlackMatter is demanding a $5.9 million ransom. It is unclear which group targeted the Crystal Valley Cooperative and what amount of ransom is being demanded.
Bloomberg reported earlier this week that BlackMatter is believed to be linked to the ransomware group called DarkSide, which attacked the Colonial Pipeline in the United States earlier this year, causing fuel shortages for several weeks in the eastern part of the United States.
The attack at the agricultural co-ops comes as fall harvest is getting underway.
Minnesota is the nation’s third largest soybean producer in the United States and ranks fourth in corn production. Iowa is the country’s top corn producer and is No. 2 in soybean output.