Ransomware group targets agricultural cooperative
The victim, New Cooperative, Inc., refuses to pay $5.9 million demand
On Sept. 18, BlackMatter, a Russia-based ransomware group operating on the dark web, announced its newest target: an agricultural business in Iowa.
On Sept. 20, New Cooperative Inc., an agricultural cooperative working out of Fort Dodge, Iowa, had a full system shutdown. All of its electronic information is being held for a $5.9 million ransom.
As of Sept. 29, no new information regarding the ransomware attack has been released.
According to a source who spoke to The Messenger, an Iowa-based newspaper, the co-op has not paid and is refusing to pay.
On its website, BlackMatter states it does not attack any organizations it deems critical, including hospitals and nonprofits.
Dark Feed, an organization that watches ransomware groups on the dark web, shared the initial announcement made when New Cooperative was picked as an upcoming target, along with a screenshot of the messages between the co-op and BlackMatter.
In a message to BlackMatter following the initial attack, New Cooperative said they should be considered critical, claiming 40% of the U.S. grain supply and 11 million animal feed schedules run through their software.
BlackMatter responded, saying the company did not fall under the rules because it makes a profit off of its business.
In the same message, New Cooperative stated the Cybersecurity and Infrastructure Security Agency (CISA) was demanding answers from them.
BlackMatter responded in a later message, telling New Cooperative not to threaten the group or it would risk not receiving a decryption.
Another screenshot from BlackMatter shared on Dark Feed showed what information from New Cooperative is being held. This includes financial and network information, human resource information including social security numbers from 401(k)s, legal and executive information, product creation procedures and the company’s soil map source code.
BlackMatter threatened to release the information if the ransom was not paid by Sept. 25. According to The Messenger’s source, the ransom was not paid in time.
“What’s notable about the attack is the company’s insistence that they are critical infrastructure and should therefore be spared as per BlackMatter’s own policy,” John Shier, senior security adviser at Sophos, told Ars Technica. “However, the operators behind BlackMatter disagree with this assessment and are continuing to pursue payment from the victim. This attack will be the first to test the new US government policy on reporting attacks against critical infrastructure to CISA and the Biden administration’s response to such an attack.”
No information about the release of the company’s information has been shared.
“CISA is going to be demanding answers from us in the next 12 hours or so and we are going to have to tell them exactly what has happened and why the food supply chain is disrupted.”
– New Cooperative Inc. in a message to BlackMatter in a screenshot posted by Dark Feed
