BlackMatter demands $5.9 million ransom from Iowa farm cooperative
BlackMatter is demanding the ransom so the cooperative can unlock its systems right before the harvest season is set to begin


New Cooperative, an Iowa-based cooperative that operates grain storage elevators and buys crops from farmers, has been hit by a $5.9 million (£4.3 million) ransom demand after being hit by the BlackMatter group.
The BlackMatter ransomware leak page shows the gang has obtained financial documents, network information for multiple companies associated with New Cooperative, social security numbers and personal information of employees, and source code for Soil Map, a farmer technology platform, ransomware expert Allan Liska told ZDNet.
The group claims to have 1TB of data and has set a timer it says will expire at midday on 25 September. It's also demanding a $5.9 million ransom payment from New Cooperative.
"We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained," New Cooperative said in a statement to Reuters. "We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation."
On social media, there are screenshots of chat logs which appear to be between the ransomware group and New Cooperative. The farming group states that it is critical infrastructure as it is intertwined with the food supply chain in the US, and is asking why it was attacked if BlackMatter claims to not attack critical infrastructure.
RELATED RESOURCE
“About 40% of grain production runs on our software, and 11 million animals feed schedules rely on us,” said New Cooperative, before adding that CISA would be demanding answers from the group in the next 12 hours and “we are going to have to tell them exactly what happened and why the food supply chain is disrupted”.
BlackMatter refused to back down, replying to the company that “you do not fall under the rules, everyone will only incur losses,” before saying the company should come to an agreement with them and solve everything quickly.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Don Roose, the president of US Commodities in West Des Moines, Iowa, told Reuters that the timing of the attack is making it crucial that NEW Cooperative get its systems back online as soon as it can as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across the state.
“They have got you boxed into a corner,” Roose said. “Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans.”
IT Pro has contacted New Cooperative for comment. CISA declined to comment on the story.
In June, JBS Foods paid an $11 million (£7.8 million) ransom to hackers who compromised its IT system. The meat processing company fell victim to a ransomware attack in May and was forced to suspend its systems and, in some areas, shut down production for 24 hours. The company confirmed it made the ransom payment to the attackers, totalling $11 million in Bitcoin.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs