article featured image


This was the second farming cooperative attack of the week, the first one being aimed at an Iowa-based cooperative.

Crystal Valley has been targeted in a ransomware attack. The attack has infected the computer systems and disrupted the daily operations of the company.

Note: due to this, we are unable to accept Visa, Mastercard, and Discover cards at our cardtrols until further notice. Local cards do work.

As we continue to navigate through this with the help of experts, we appreciate your patience and understanding. We will continue to update with information as it becomes available.


Crystal Valley is a leading farm supply and grain marketing cooperative focused on serving the needs of crop farmers and livestock producers in southern Minnesota and northern Iowa.

Crystal Valley has recently disclosed the fact that their company was targeted with a ransomware attack that led them to shut down IT systems, therefore making them unable to accept any payments using Visa, Mastercard, and Discover credit cards.

On Sunday, September 19, Crystal Valley was alerted we had been targeted in a ransomware attack. This attack has infected the computer systems at Crystal Valley and severely interrupted the daily operations of the company. Crystal Valley and cyber security experts are working diligently to re-establish safe and secure operating systems, which will be back online when we are confident the issue has been resolved.


At this time, it’s unclear what ransomware operation was behind this attack.

It’s important to remember as well that earlier this month, the FBI released a notice in which it was warning the companies from the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains.

In the notice, the FBI explains that food and agriculture ransomware attacks interrupt businesses, create financial losses, and have a detrimental impact on the food supply chain. Small farms to big producers, processors, and manufacturers, as well as marketplaces and restaurants, may be affected by ransomware.

In a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems, cyber-criminal threat actors can now use network weaknesses in order to exfiltrate data and encrypt systems.

It seems that the ransomware victims in the food and agriculture industry suffer considerable financial losses as a result of ransom payments, lost production, and cleanup expenses, alongside potentially losing intellectual information and personally identifiable information (PII).

The Food and Agriculture sector is among the critical infrastructure sectors increasingly targeted by cyber-attacks. As the sector moves to adopt more smart technologies and internet of things (IoT) processes the attack surface increases. Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes, according to a private industry report.


Critical Infrastructure Under Attack

The attack on Crystal Valley marks the second farming cooperative attack that happened in the past week, New Cooperative being previously targeted by BlackMatter ransomware.

The ransomware group demanded a $5.9 million ransom in order to not leak data and provide the company with a decryption key.

It’s interesting to note that the US government classified food and agriculture as critical infrastructure that is vital to the United States.

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.


The Colonial Pipeline and JBS ransomware attacks made President Biden come out and warn Putin about the fact that any critical infrastructure should be off-limits for ransomware attacks, but unfortunately, we haven’t seen so far any signs of cooperation.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo