Source: NEW Coop will not pay ransom
Cyber criminals have demanded $5.9 million to restore data
NEW Cooperative, an association of Iowa corn and soybean farmers, will likely not pay a multi-million-dollar ransom demanded by a cyber criminal group, according to a farmer close to the Fort Dodge-based coop.
The coop was hit in recent days with a ransomware attack by the BlackMatter gang, whose goal is to encrypt files in an infected computer and demand a ransom for decrypting those files. The attack was made public on Monday.
In a post on its darkweb site, BlackMatter threatened to publish 1 terabyte of data it claimed to have stolen from NEW Co-op if its ransom demand was not paid by Saturday.
Security researcher Allan Liska of Recorded Future said the criminals demanded a $5.9 million ransom for a decryptor key to unlock files they scrambled. He said a sample of their malware was uploaded to a research site either late Sept. 17 or early Sept. 18.
BlackMatter forced member-owned NEW Coop to take its systems offline, but the company was able to create workarounds to receive grain and distribute feed. The attack hit just as Iowa’s corn and soybean harvesting is getting underway.
NEW Cooperative said in a statement earlier this week that the attack was “successfully contained” and that it had quickly notified law enforcement. It said it took its systems offline out of “an abundance of caution” and was working with data security professionals to quickly remedy the situation. It did not specify when the ransomware was activated.
A farmer close to NEW Co-op, who declined to be named, said the company is working on developing a new computer system.
Earlier this week, the co-op said, “Please know that NEW Cooperative is treating this matter with the utmost seriousness, and we are using every available tool and resource to quickly restore our systems. We appreciate the patience of our valued customers as we investigate this matter and work to restore functionality and will share additional information directly with our customers as we learn it.”
BlackMatter has said on its website that it would not target critical infrastructure, although NEW Coop is an integral part of the food supply chain.
The farmer close to NEW Co-op said the federal government is treating the ransomware attack as a terrorist attack and that the ransom would not be paid.
NEW Co-op representatives have not confirmed that information. A spokesman for NEW Co-op did not respond to questions from The Messenger on Thursday. Among other things, the newspaper asked what parts of the system were impacted and how the attack will affect harvest operations.
Security researchers believe BlackMatter may be a reconstituted version of the ransomware syndicate DarkSide, which disrupted the Colonial Pipeline last spring and then announced it was disbanding. BlackMatter claims on its darkweb site not to target critical infrastructure, though many would argue that NEW Coop is exactly that because it provides feed to livestock.
NEW Cooperative, which is made up of more than 50 locations, stores and markets the grain it collects and offers feed, fertilizer, crop protection and seed.
Formed in 1973, NEW Cooperative is the result of the merger of two neighboring cooperatives in northeast Webster County, thus the acronym NEW.