Food Supply Chain

Ransomware Hits When It Hurts Most

Attackers know that grain cooperatives can't wait. They strike during planting and harvest seasons, when every day matters—and demand millions while food supply chains hang in the balance.

Active Threat$5.9M Single Demand11M Animals at Risk

212

Food/Ag Ransomware Attacks (2024)

27%

Year-over-Year Increase

Most Targeted Industry

Co-ops Hit in 3 Weeks (Sept 2021)

FBI Warning

"Historically, ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss and negatively impacting the food supply chain."

— FBI IC3 Advisory

Case Study: NEW Cooperative (Iowa)

NEW Cooperative Attack

September 2021BlackMatter RansomwareIowa

$5.9M

Initial ransom demand

$11.8M

Threat if not paid in 5 days

11M

Farm animals at risk

What Was At Risk:

Systems supporting 40% of grain production
Feed schedules for 11 million farm animals
Pork and chicken supply chains
Public grain supply

Attacker's Warning

The attackers claimed the attack could "significantly impact the public supply of grain, pork, and chicken"—demonstrating they understood the supply chain consequences.

Pattern of Attacks

Between September 15 and October 6, 2021 alone, six grain cooperatives experienced ransomware attacks—all during critical harvest season.

NEW Cooperative

IowaSeptember 2021

Critical

$5.9 million demanded

Systems supporting 40% of grain production threatened. Feed schedules for 11 million farm animals at risk. Warned attack could 'significantly impact the public supply of grain, pork, and chicken.'

Attacker:BlackMatter

Crystal Valley Cooperative

MinnesotaSeptember 2021

Critical

8 grain elevators, 25 million bushels capacity affected. Computer systems infected. Credit card payments disabled. Drivers using hand-written tickets for grain delivery.

Attacker:Unknown ransomware group

Multi-State Grain Company

Multiple StatesMarch 2022

Critical

Operations disrupted across multiple states during critical agricultural period.

Attacker:Lockbit 2.0

Why Attackers Target Agricultural Cooperatives

Time Sensitivity

Cyber actors perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.

Supply Chain Criticality

A significant disruption of grain production could impact the entire food chain, since grain is consumed by humans and used for animal feed.

Economic Impact

Significant disruptions can impact commodities trading and stocks—giving attackers leverage for larger ransom demands.

Seasonal Windows

Attackers strike during planting and harvest when every day counts and cooperatives can't afford downtime.

Known Ransomware Groups Targeting Agriculture

BlackMatterContiLockbit 2.0SuncryptSodinokibi/REvilBlackByte

Protection Priorities for Agricultural Cooperatives

Backup All Critical Systems Offline

Maintain air-gapped backups that ransomware can't reach. Test restoration regularly.

Prepare Manual Operation Procedures

Document how to run operations without computers. Train staff on paper-based processes.

Heighten Security During Planting/Harvest

Extra vigilance during critical seasons when attackers know you can't afford downtime.

Review Ransomware Insurance Coverage

Understand what's covered, what's not, and what conditions apply before an incident.

Develop Incident Response Plans

Know who to call, what to do, and how to communicate during an attack.

Segment Networks

Separate business systems from operational technology. Limit what attackers can reach.

Official Resources

FBI: Ransomware Attacks on Agricultural Cooperatives

FBI advisory on ransomware targeting agricultural cooperatives

CISA: Ransomware Guide

Stop ransomware resources and prevention guidance

Food and Agriculture ISAC

Threat intelligence sharing for food and agriculture sector

Related Infrastructure Threats

Water System Attacks

Iranian, Russian, and Chinese hackers are actively targeting American water treatment facilities.

View Water Threats →

Electric Cooperative Attacks

Rural electric cooperatives are favored targets. Learn about attacks that kept systems down for months.

View Electric Threats →

Is Your Cooperative Prepared?

Take our free security audit to assess your cooperative's vulnerabilities and get recommendations for ransomware protection.

Start Security Audit View All Infrastructure Threats

Case Study: NEW Cooperative (Iowa)

NEW Cooperative Attack

September 2021BlackMatter RansomwareIowa

$5.9M

Initial ransom demand

$11.8M

Threat if not paid in 5 days

11M

Farm animals at risk

What Was At Risk:

Systems supporting 40% of grain production
Feed schedules for 11 million farm animals
Pork and chicken supply chains
Public grain supply

Attacker's Warning

The attackers claimed the attack could "significantly impact the public supply of grain, pork, and chicken"—demonstrating they understood the supply chain consequences.

Why Attackers Target Agricultural Cooperatives

Time Sensitivity

Cyber actors perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.

Supply Chain Criticality

A significant disruption of grain production could impact the entire food chain, since grain is consumed by humans and used for animal feed.

Economic Impact

Significant disruptions can impact commodities trading and stocks—giving attackers leverage for larger ransom demands.

Seasonal Windows

Attackers strike during planting and harvest when every day counts and cooperatives can't afford downtime.

Protection Priorities for Agricultural Cooperatives

Backup All Critical Systems Offline

Maintain air-gapped backups that ransomware can't reach. Test restoration regularly.

Prepare Manual Operation Procedures

Document how to run operations without computers. Train staff on paper-based processes.

Heighten Security During Planting/Harvest

Extra vigilance during critical seasons when attackers know you can't afford downtime.

Review Ransomware Insurance Coverage

Understand what's covered, what's not, and what conditions apply before an incident.

Develop Incident Response Plans

Know who to call, what to do, and how to communicate during an attack.

Segment Networks

Separate business systems from operational technology. Limit what attackers can reach.