Agricultural Supply Chain Attack

By William Beard, Jr on December 2, 2021

(By: William Beard on September 30, 2021)

Executive Summary

The agricultural sector has been hit with yet another cyberattack in 2021. New Cooperative, an Iowa-based grain collective, was hit with a $5.9 million ransomware attack by a Russia-based group known as DarkMatter. The DarkMatter team is made up of hackers from another threat actor, DarkSide, which was believed to be responsible for the Colonial Pipeline ransomware attack earlier this year. New Cooperative has yet to pay the ransom as of the September 25, 2021, deadline.

Background

In May of 2021, Colonial Pipeline, a pipeline system that carries jet fuel and gasoline up the East Coast of the United States (US), was hit with a major ransomware attack. DarkSide, the hacking group associated with the attack, had allegedly disbanded after receiving the ransom from Colonial Pipeline. In June, the world's largest meat producer, JBS, was also hit by a ransomware attack by another Russia-based threat actor known as REvil. The most recent attack by DarkMatter is just another in an unsettling trend of attacks on critical infrastructure. New Cooperative is a grain and corn co-op for the US. The co-op was able to quarantine the infected server and find a low-tech workaround until they can regain full access to their systems.

Impact

As of today, there has been little effect on New Cooperative's ability to process their grain and animal feed, but it could have greater effects in the coming months. New Cooperative officials stated that a little over one third of the US's grain runs through their systems and that it could affect the grain supply shortly if they don't get their systems back to full functionality.

Mitigation

After the Colonial Pipeline attack, the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) put together a list of best practices to help mitigate disruption from these ransomware attacks. Although these best practices are a result of the Colonial Pipeline attack, they can and should be used by all critical infrastructure. Below, you can find the link to CISA's alert with a detailed list of best practices.

Link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a

“On September 21st, the United States Department of the Treasury’s Office of Foreign Asset Control (OFAC) released guidance that all U.S. companies not reporting ransomware attacks would be subject to enforcement action and possible fines” [6]. This push could also be another potential mitigation strategy by the Biden administration to get companies that are not reporting quickly enough to speak up.

Relevance

Ransomware attacks on critical infrastructure have been on the rise in 2021. With inflation already starting to hit the market and almost two years of lower production due to the COVID-19 pandemic, these attacks could have a devastating effect on an already hurting world economy. The US's supply chain has taken a huge hit due to the pandemic via worker shortages and backed-up shipping ports, and these types of cyberattacks could exacerbate the issue even further. President Biden has already stated that the agricultural supply chain is considered critical infrastructure, but DarkMatter stated that New Cooperative's systems “do not fall under the rules” [3] and therefore were free for them to attack. With the economic fallout of the pandemic looming and critical infrastructure ransomware attacks increasing, it looks like we could be headed for some hard times ahead.

References

[1] https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/new-cooperative-ransomware-attack-timeline-status-updates/

[2] https://www.washingtonpost.com/business/2021/09/21/new-cooperative-hack-ransomware/

[3] https://www.bleepingcomputer.com/news/security/us-farmer-cooperative-hit-by-59m-blackmatter-ransomware-attack/

[4] https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/blackmatter-ransomware-analysis-the-dark-side-returns/

[5] https://us-cert.cisa.gov/ncas/alerts/aa21-131a

[6] https://www.jdsupra.com/legalnews/the-cyber-clock-is-ticking-biden-1863202/