Ransomware strike targets US agriculture industry, White House quietly hits back

Biden administration has not yet attributed perpetrators in recent cybercrime strikes

An industry marked as "off limits" to Russian hackers by President Biden was hit in a ransomware attack earlier this week when the operations of two farming co-ops in Iowa and Minnesota were disrupted.

In a June meeting with Russian President Vladimir Putin, Biden warned the Kremlin that cyberattacks against 16 U.S. industries – including agriculture – would not be tolerated.

The president said it was an effort to establish a "cybersecurity arrangement" and restore "order" after the largest U.S. fuel pipeline and a major meatpacking company were shut down by ransomware schemes.


On Sunday, Minnesota-based farm supply and grain marketing cooperative Crystal Valley was hit by a ransomware attack that "infected the computer system" and "severely interrupted the daily operations of the company," the group said in a statement.

The co-op did not answer Fox News questions about the ransom amount or who is suspected behind the latest attack.

But the following day reports surfaced showing another attack was levied at Iowa-based farming co-op, NEW Cooperative, by hackers demanding a $5.9 million cryptocurrency payout in exchange for renewed access to its food supply chains.

NEW Cooperative did not respond to a Fox News request for an interview. But according to the Wall Street Journal, Russian cybercrime group BlackMatter is believed to be behind the attack.

In a screen shot by Dark Feed, the group appeared to mock NEW Cooperative by suggesting they did not fall under "critical" infrastructure outlined by Biden.

The farming group warned the cybercrime group in an online chat that they attacked the agricultural industry and could face severe consequences from the U.S. government, Recorded Future shared in a tweet.

Despite reports that BlackMatter was negotiating with the Iowa co-op, a National Security Council (NSC) spokesperson told Fox News that the U.S. government has not formally attributed the attacks to a specific group.

"That being said, we are bringing the full weight of U.S. government capabilities to disrupt the ransomware networks and facilitators behind this disruptive activity," the spokesman added. "We are conducting a whole of government ransomware effort to address the increased threat from ransomware."

The NSC spokesman said the U.S. government is working to disrupt ransomware infrastructure and actors, as well as working with private entities to modernize defenses.  

But former CIA Moscow station chief Daniel Hoffman argued not enough has been done in the way of deterrence.

"What we know is that we got hit with another attack," he said. "That means that we haven’t deterred them. Russia is allowing these groups BlackMatter and Revil…to homestead on their territory.

"This administration needs to deter Russia and the way you do that is by countering them," he added. "Go tell the Russians if you can’t stop them, we’re going to stop them instead, and then take action against them."


On Tuesday the Treasury Department said it will impose sanctions on the virtual currency exchange Suex OTC, S.R.O. after determining its involvement in facilitating illicit transfers for at least eight ransomware groups. 

According to Chainalysis, which reportedly assisted the U.S. in its investigation of the Russian-based broker, Suex was discovered to have received "over $160 million from ransomware actors, scammers, and darknet market operators."

The company found that Suex netted $13 million from ransomware operators like Ryuk and Maze – both of which the U.S. government has tied to Russia-based criminal groups.

Deputy Secretary of the Treasury Wally Adeyemo said the sanctions were part of the administration’s whole-of-government effort to counter cybercrime and would work to "destruct and deter these criminals by going after their financial enablers."

Hoffman argued Biden should take a more aggressive approach to deter cyber criminals and pointed to the 2018 attack on the Russian troll farm, the Internet Research Agency, by the Trump administration. 

"Now, they may not want to go to war with these hackers, because the hackers will attack back and strike us," he said.


But the former CIA Moscow station chief said the administration needs to take a more offensive stance and stop "defending us at the point of attack."

"You have to go on the offense too – as President Bush used to like to say about terrorists, you got to take the fight to the enemy," he added.

Brooke Singman contributed to this report.