Ransomware hackers find vulnerable target in U.S. grain supply

·3 min read

At least three U.S. grain distributors’ systems have been infected with ransomware in recent weeks, raising concerns that hackers have found an easy target in a vital part of the U.S. food supply chain.

All three known victims are Midwestern grain cooperatives that buy grain from farmers and then process, store and resell it for uses like livestock feed and fuel. The attacks, in which organized cybercriminals lock up organizations’ computers and demand ransom for a program to unlock them, has slowed the distributors’ operations, hampering their ability to quickly process grain as it comes in.

The timing is particularly bad, said Charles Hurburgh, the head of Iowa State University’s Grain Quality Laboratory.

“We’re going into harvest, and right now is when they’re taking in a large amount of grain and putting out a large amount of grain,” Hurburgh said. “It’s a real nasty situation.”

Like many industries, grain production involves heavily digitized operations that were previously done by hand. Hackers who deploy ransomware, locking up their computers and demanding payment, may not be able to stop the distributors entirely, but they can severely slow them down.

The largest of the three known victims, New Cooperative in Iowa, is still working to restore automated systems after it was hacked last month, a spokesperson said in a statement. An employee for another, Farmers Cooperative Co., also in Iowa, declined to comment, citing advice from the company’s attorneys. The third, Crystal Valley in Minnesota, didn’t respond to emails and voicemails.

Private files of all three have been published to ransomware hackers’ websites, which NBC News has viewed, a common tactic for ransomware hackers to deploy against victims who refuse to pay.

While grain is a key component to the U.S. food supply chain, its market is large enough that the country won’t see a noticeable effect from slowed production by three distributors, Hurburgh said.

The fact that there have been three known attacks in a short span indicates that the hackers may have broken into a company that manages internet services in the industry or found a vulnerability in software they tend to use, said Allan Liska, a ransomware analyst for the cybersecurity firm Recorded Future. That means there may be other victims who have yet to be made public, he said.

“The fact that there were three so close together tells me there are probably others we don’t know about,” Liska said.

Eric Goldstein, the executive assistant director of the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said the attacks weren’t a dedicated assault on the agricultural industry but rather the outcome of opportunistic hackers’ exploiting whatever victims they could.

“Ransomware incidents can affect any organization, including small ones,” he said. “That can be challenging with an organization perhaps with limited resources or that doesn’t have a dedicated security team.”

Victims or anyone else looking to avoid ransomware infections can visit CISA’s dedicated resource center, stopransomware.gov, Goldstein said.

“We know that every sector is at risk. Every organization big or small is possibly a victim, which is why it’s important for all organizations to take the necessary steps to secure their own networks,” he said.

CORRECTION (Oct. 7, 2021, 8:15 p.m. ET): A previous version of this article misspelled the last name of the head of the Grain Quality Laboratory at Iowa State University. He is Charles Hurburgh, not Hurbugh.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting