
U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA have issued a joint alert to warn organizations about an increase in cyberattacks involving the Conti ransomware. The alert comes just as another major farming cooperative confirmed being hit by ransomware.

The alert issued by the government agencies says Conti ransomware has been used in attacks on more than 400 organizations in the United States and other countries. The alert includes technical information on Conti attacks, as well as recommendations for reducing the risk of compromise.

Conti emerged in 2020 and the FBI earlier this year said it had been aware of 16 Conti attacks targeting healthcare and first responder networks.

The latest alert was issued just as another major farmer cooperative in the U.S., Minnesota-based Crystal Valley Cooperative, confirmed being targeted in a ransomware attack. The announcement was made just days after another large farmer cooperative, Iowa-based New Cooperative, was hit by BlackMatter ransomware.

Crystal Valley is a farm supply and grain marketing cooperative covering southern Minnesota and northern Iowa. Local media reported that the coop serves 2,500 farmers and livestock producers.

It’s unclear what type of ransomware was used in the Crystal Valley attack as the company has not disclosed the information, and Crystal Valley is currently not listed on the leak websites of any major ransomware group.

The fact that the cooperative is apparently not mentioned on any ransomware website could mean that the organization is negotiating with the cybercriminals, or that the hacker group that attacked Crystal Valley only encrypts files but does not steal and leak information. It’s also possible that a ransomware group will take credit for the Crystal Valley attack in the coming hours or days.

In a statement posted on its Facebook page, Crystal Valley said the attack was detected on September 19 and resulted in its computer systems being infected and daily operations being disrupted.

The company has shut down its website and informed customers that it’s unable to accept certain types of payment cards at cardtrols due to the incident.

In the case of the New Cooperative attack, the attackers reportedly demanded a $5.9 million ransom from the victim. The company attempted to convince the attackers that they are part of critical infrastructure — BlackMatter claims they do not attack critical infrastructure — but leaked conversations showed that the hackers insisted on getting paid, refusing to believe that the incident could have a significant impact on the food supply chain.

The attacks on Crystal Valley and New Cooperative come just weeks after the FBI issued a warning to the food and agriculture sector about an increase in ransomware attacks that could disrupt the food supply chain. The alert targeted farms, food processors, manufacturers, markets and restaurants.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.