Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA have issued a joint alert to warn organizations about an increase in cyberattacks involving the Conti ransomware. The alert comes just as another major farming cooperative confirmed being hit by ransomware.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA have issued a joint alert to warn organizations about an increase in cyberattacks involving the Conti ransomware. The alert comes just as another major farming cooperative confirmed being hit by ransomware.

The alert issued by the government agencies says Conti ransomware has been used in attacks on more than 400 organizations in the United States and other countries. The alert includes technical information on Conti attacks, as well as recommendations for reducing the risk of compromise.

Conti emerged in 2020 and the FBI earlier this year said it had been aware of 16 Conti attacks targeting healthcare and first responder networks.

The latest alert was issued just as another major farmer cooperative in the U.S., Minnesota-based Crystal Valley Cooperative, confirmed being targeted in a ransomware attack. The announcement was made just days after another large farmer cooperative, Iowa-based New Cooperative, was hit by BlackMatter ransomware.

Crystal Valley is a farm supply and grain marketing cooperative covering southern Minnesota and northern Iowa. Local media reported that the coop serves 2,500 farmers and livestock producers.

It’s unclear what type of ransomware was used in the Crystal Valley attack as the company has not disclosed the information, and Crystal Valley is currently not listed on the leak websites of any major ransomware group.

The fact that the cooperative is apparently not mentioned on any ransomware website could mean that the organization is negotiating with the cybercriminals, or that the hacker group that attacked Crystal Valley only encrypts files but does not steal and leak information. It’s also possible that a ransomware group will take credit for the Crystal Valley attack in the coming hours or days.

In a statement posted on its Facebook page, Crystal Valley said the attack was detected on September 19 and it resulted in its computer systems getting infected and daily operations being disrupted.

Advertisement. Scroll to continue reading.

The company has shut down its website and informed customers that it’s unable to accept certain types of payment cards at cardtrols due to the incident.

In the case of the New Cooperative attack, the attackers reportedly demanded a $5.9 million ransom from the victim. The company attempted to convince the attackers that they are part of critical infrastructure — BlackMatter claims they do not attack critical infrastructure — but leaked conversations showed that the hackers insisted on getting paid, refusing to believe that the incident could have a significant impact on the food supply chain.

The attacks on Crystal Valley and New Cooperative come just weeks after the FBI issued a warning to the food and agriculture sector about an increase in ransomware attacks that could disrupt the food supply chain. The alert targeted farms, food processors, manufacturers, markets and restaurants.

Related: Biden Tells Putin Russia Must Crack Down on Cybercriminals

Related: Green Energy Company Volue Hit by Ransomware

Related: Success of Ransomware Attacks Shows the State of Cybersecurity

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...