Russian hackers target US food and grain production

Cybercriminals have hacked American grain producers, disrupting a key link in the US food supply chain.

The attack by BlackMatter, a group thought to be based in Russia, crosses one of President Biden’s red lines and could test his resolve.

In July Biden warned President Putin that Russian-based hackers should stay clear of 16 critical sectors of the US economy, one of which was food and agriculture.

New Co-operative, an alliance of soy and corn farmers with more than 8,000 members, was forced offline on Tuesday. Its system monitors food supply chains and feeding schedules for millions of chickens, hogs and cattle.

The hackers threatened to publish the co-op’s data, including the confidential code to its soil-mapping technology, unless a ransom of $5.9 million was paid in untraceable cryptocurrency by September 25, The Washington Post reported. The company said in a statement that the hack had affected some of its “devices and systems”.

The strategy of encrypting a company’s files and demanding a ransom to release them is a common tactic of cybercriminals.

New Co-operative said: “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained. We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”

The co-op added: “We appreciate the patience of our valued customers as we investigate this matter and work to restore functionality and will share additional information directly with our customers as we learn it.”

In what are believed to be screenshots of a dialogue between the co-op and the hackers, tweeted out by security researchers, the co-op said 40 per cent of America’s grain production ran through its software and that the ransomware attack would “break the supply chain very shortly” if the hackers did not stop.

The attack comes on the heels of a year of escalating cyberattacks in the US and across the West during the Covid-19 pandemic, prompting fears that cybercriminals based in Russia and eastern Europe are attacking critical US infrastructure with impunity.

In May, Colonial Pipeline, which provides 45 per cent of the American east coast’s fuel, was taken offline by hackers. Weeks later, JBS USA, one of the world’s largest meat providers, which operates in the US, Canada, Brazil and Australia, was hacked by Russian outfit REvil.

Both companies chose to pay ransoms, although the US Justice Department was able to recover the majority of the $4.4m in bitcoin paid to hackers by Colonial. JBS paid an $11m ransom in June.

The US government has not directly linked the attacks to the Kremlin.

A separate ransomware attack on the American IT company Kaseya in July impacted up to 1,500 of its clients and prompted a cybercrime summit of senior American and Russian officials.

The FBI warned this month that food and agriculture producers could be targeted by cybercriminals, who can “disrupt operations, cause financial loss and negatively impact the food supply chain”.

Larger businesses, the agency said, were targeted based on their perceived ability to pay higher ransoms.