grain elevators

Episode 227: What’s Fueling Cyber Attacks on Agriculture ?

In this episode of the podcast (#227) we speak with Allan Liska, the head of the CSIRT at the firm Recorded Future. about the spate of attacks in recent months targeting food processing plants, grain cooperatives and other agriculture sector targets. Allan and I talk about the how these attacks are playing out and why, all of a sudden, the agriculture supply chain is under attack.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google PodcastsStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]


There’s trouble on the farm. Recent weeks have seen an increase in attacks on elements of the U.S. food production system. Most famously, there was the meat processor JBS ), which paid $11 million in June to ransomware criminals from the REVil group to regain access to hacked systems and data. 

Allan Liska, Recorded Future
Allan Liska runs the CSIRT at Recorded Future

Then, September brought news of still more attacks on critical food supply chain partners. The New Cooperative, an Iowa grain cooperative with more than 60 locations, was hit by ransomware operated by BlackMatter, a ransomware gang with roots in the DarkSide group, a Russian cybercriminal outfit that was responsible for the attack on the Colonial oil and gas pipeline in the spring. Also in September, the Crystal Valley Cooperative, a Minnesota based farm supply and marketing cooperative was hit with ransomware, knocking the company offline and disrupting business operations.

Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security

More Agriculture Supply Chain Attacks on Tap

That might not be the end. Threat researcher Allan Liska told the DesMoines Register this week that a ransomware group using the name BlackByte had claimed to have compromised an Arcadia, Iowa based organization, the Farmers Cooperative Elevator Company, and was threatening to release 100 GB of data if a ransom isn’t paid. (I reached out to Farmers Cooperative. Employees wouldn’t confirm or deny that the attack took place and there is no mention of it on the company’s web site or social media accounts.) If true, however, the report would indicate that attacks on US agriculture supply chain are becoming more common- which many cyber security experts have predicted. 

Report: Critical Infrastructure Cyber Attacks A Global Crisis

How are these attacks happening? And why are they happening now? To help understand that, I invited Allan Liska of Recorded Future into the Security Ledger studios for a conversation. In this podcast, recorded after the attack on the New Cooperative, Allan and I discuss why grain coops suddenly find themselves in the cross hairs of Russian ransomware groups and what steps need to be taken to secure these critical food supply chain players.