The MSP Responder – NEW Cooperative Ransomware Attack

New Cooperative Ransomware Attack

What Happened?

NEW Cooperative Hit with Ransomware, Core Systems and Sensitive Data is Compromised.

Russian organized cybercriminals, BlackMatter, used ransomware to attack Iowa-based U.S. farm cooperative, NEW Cooperative.

NEW Cooperative is one of the largest farm cooperatives, and is responsible for much of the country’s grain production. This includes fertilizer supply, storage, animal feed, and technology. Their animal feed has a direct impact on feeding schedules for millions of chickens, hogs, and cattle.

Hackers are not letting up on targeting infrastructure. This type of attack is becoming commonplace because ransom might be paid faster since so many people are impacted.

The ransomware attack occurred over the weekend, as many do, because of the lack of staff working on weekend days. Once the hackers locked down NEW Cooperative’s systems, they demanded $5.9 million. Once contact was established, threats were issued, saying that the federal government would respond forcefully but hackers refused to back down.

In fact, BlackMatter threatened if the ransom wasn’t paid, they would publish a terabyte of NEW Cooperative’s data. This would include invoices, research and development docs, and the source code to its soil-mapping technology.

What was Affected?

As with other attacks, NEW Cooperative took everything offline until they could isolate the threat. During the audit, NEW Cooperative found 653 breached credentials.

This graphic, of correspondence between NEW Cooperative officials and the hackers was released following the incident.

new cooperative ransomware conversation

“Chicken1” – A Call for Better Passwords.

Similar to the Colonial Pipeline attack in late April/early May of 2021, the breach seems to be a result of a bad password.

We encourage our MSPs and MSSPs to encourage users to create stronger passwords. Why? The audit found that the password “chicken1” was common among NEW Cooperative employees.

How Can I Prevent Ransomware Attacks?

From the email protection side of things (which is where many cyberattacks occur), Mailprotector can help you layer a complete email security platform on top of M365, G Suite, or any other email host.

Read more about how to prevent ransomware attacks >>.

Preventing Ransomware Attacks eBook (PDF)

Read an in-depth summary where we look at several recent ransomware attacks to break down exactly what happened, which ransomware prevention plans worked, and which ones didn’t hold up when it mattered the most.

Want to receive more information like this?

Mailprotector strives to help MSPs keep organizations safe. In doing so, we like to send occasional information on cybersecurity-related news events. As an email security company, we promise not to over-share!

Stay aware of email threats

Get notified whenever a new MSP Responder article is published: