UPDATE: Sept. 24, 2021: Crystal Valley on Friday said it is sending formal data breach notifications to all its customers and business partners and warned them in a website posting to assume their personal data has been compromised.

The Mankato, Minnesota-based farm cooperative was hit by a ransomware attack on Sunday and has as been largely silent since announcing the incident earlier this week. Officials said it is taking grain at all elevator locations, but said operations will be slower than normal because it is relying on manual hand tickets.

The co-op said unauthorized persons may have been able to view proprietary data, but it was not aware of any data being used inappropriately. The company did not directly address whether a specific ransom was demanded or paid, but it said no money had been stolen and remains able to meet all financial obligations.

The cooperative warned customers and partners to monitor their bank accounts and financial information, including a review of credit reports. Officials apologized for the incident.

Dive Brief:

• Just days after an Iowa-based grain supplier was hit by a ransomware attack, Crystal Valley Cooperative, a Mankato, Minnesota-based agricultural cooperative, shut down operations following a ransomware attack, according to a Facebook post by the company.
• Crystal Valley is unable to accept Visa, Mastercard and Discover cards at its cardtrols, however the cooperative said local cards can still be used. Crystal Valley is working with various experts to help recover from the incident and will continue to issue further updates. 
• The incident marks the second known incident involving an agricultural cooperative since the FBI and Cybersecurity & Infrastructure Security Agency issued a warning about ransomware targeting food and agricultural companies earlier this month.

Dive Insight:

The ransomware attack Sunday against Crystal Valley marked the second ransomware incident on an agricultural supplier and affirms a wider threat against the industry that federal officials have recently raised concerns about. 

The company did not say which group was behind the new attack or whether a specific ransom demand had been made, but the new attack has directly impacted the ability of Crystal Valley to service its customers. 

Federal officials on Wednesday did not comment specifically on the Crystal Valley incident, but confirmed they have been working with New Cooperative to help them recover from that ransomware attack.

"CISA and the FBI are in close contact with New Cooperative and have offered assistance in supporting the company’s response and recovery," Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement to Cybersecurity Dive. "The company is engaging proactively with CISA as the investigation progresses."

Researchers say the attacks on New Cooperative and Crystal Valley point to a wider danger that threat actors see critical infrastructure as a potentially lucrative and vulnerable target. 

"This incident follows those on Colonial Pipeline and JBS, highlighting how common ransomware attacks against critical infrastructure have become," Anurag Kahol, chief technology officer and co-founder of Bitglass said. "Unfortunately, cybercriminals are more likely to target and put up a hefty ransom for large organizations that are vital to the flow of the U.S. economy in hopes that they will hastily pay the ransom to recover their operations."