Minnesota farm coop caught in ransomware attack
Crystal valley becomes second agribusiness to find data encrypted by criminals


Minnesota-based farm supply and grain marketing coop Crystal Valley has become another agribusiness caught up in recent ransomware attacks.
In a Tuesday statement released by the Mankato, Minnesota-based cooperative, it said it was attacked. The following day, its website went offline. The organization serves over 2,500 farmers in southern Minnesota and northern Iowa.
The coop then made a statement on its Facebook page saying the attack “has infected our … computer systems and interrupted the daily operations of our company.”
The attack left the organization unable to accept Visa, Mastercard, and Discover cards until further notice, although “local cards do work.”
“As we continue to navigate through this with the help of experts, we appreciate your patience and understanding. We will continue to update with information as it becomes available,” it added.
The coop’s CEO, Roger Kienholz, told local newspapers it was “working diligently with our internal IT team along with multiple outside technology vendors to restore our data and return to full-service operation in a matter of days, especially now with fall harvest getting underway.”
What ransom cyber criminals have demanded from the small cooperative or what type of ransomware they used in the attack remains unknown. The incident comes just days after an attack on another farming cooperative.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Earlier this week, Iowa-based agricultural coop New Cooperative was hit by an attack by the BlackMatter ransomware gang.
RELATED RESOURCE
The essential cyber security toolkit for SMBs
Practical tips for cyber security training
Andrea Carcano, co-founder of Nozomi Networks, said the food supply chain, and the supply chain in general, doesn’t have strong cyber security measures in place.
“Making matters worse, our national supply chain is already stretched thin due to COVID and recent natural disasters,” he said. “Those suppliers who invest early in strong cybersecurity programs and resiliency are able to respond faster, and with less financial damage, when an attack occurs."
John Shier, senior security advisor at Sophos, told ITPro what was notable about this attack is the company's insistence that they are critical infrastructure and should therefore be spared as per BlackMatter's own policy.
“However, the operators behind BlackMatter disagree with this assessment and are continuing to pursue payment from the victim. This attack will be the first to test the new U.S. government policy on reporting attacks against critical infrastructure to CISA and the Biden administration's response to such an attack,” he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Forget about AI unless you’ve got the right hardware
News Research from Microsoft shows enterprises ramping up AI adoption are neglecting hardware upgrades - and it's holding them back.
-
How field service management is changing in 2025
In-depth AI is making it easier to dispatch technicians and predict when equipment needs fixing
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.