Cyber Incident Victim: Crystal Valley
Date: Sep 2021
Location: United States of America
Summary
A Minnesota-based farming supply and grain marketing cooperative suffered a ransomware attack that severely disrupted its daily operations, forcing a shutdown of IT systems. The incident prevented processing of credit card payments via Visa, Mastercard, and Discover while the organization collaborated with cybersecurity experts to restore secure systems. This marked the second such attack on an agricultural cooperative during the same period, though the specific ransomware group responsible remained unidentified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 19, 2021, Crystal Valley, a Minnesota-based farming supply and grain marketing cooperative serving agricultural clients in Minnesota and northern Iowa, detected a ransomware attack targeting its computer systems. The organization publicly disclosed the incident via a website notice, confirming it had been alerted to the intrusion that Sunday. The attack compromised Crystal Valley's IT infrastructure, prompting an immediate shutdown of affected systems to contain the damage. This operational disruption severely hindered daily business activities across the cooperative's operations. While the specific ransomware variant and threat actor remained unidentified, the incident marked the second attack on a US farming cooperative within days, following another unrelated breach earlier that week.

The ransomware infection forced Crystal Valley to suspend all credit card transactions utilizing Visa, Mastercard, and Discover payment networks, directly impacting customer transactions at its facilities. Internal teams collaborated with external cybersecurity experts to assess the compromise, restore system integrity, and prepare for safe reactivation of services. The cooperative emphasized systems would remain offline until investigators confirmed complete resolution of security vulnerabilities. No data theft or extortion demands were disclosed publicly. BleepingComputer attempted contact with Crystal Valley for additional details on September 21 but received no response by the time of reporting. Operational recovery timelines and financial impacts were not quantified in available communications.
