Major American Agriculture Cooperative Hit by the ‘BlackMatter’ Ransomware Gang

  • A very important entity for food supply in the U.S. has been hit by the ‘BlackMatter’ ransomware group.
  • The actors didn’t believe the entity belongs in the list of 16 sectors that should be excluded from cyberattacks.
  • Although they proceeded to extort the organization, they have now removed the entry from their portal.

The Iowa-based agricultural cooperative ‘New Cooperative’ has confirmed that it was the target of a ransomware attack launched by the ‘BlackMatter’ group, believed to be a Russian-speaking actor who appeared in the field this summer, following the disbanding of other highly successful RaaS programs. In fact, it is thought that ‘BlackMatter’ is the spiritual continuator of ‘DarkSide,’ the ransomware group that was responsible for the attack on the 'Colonial Pipeline' that sparked a political crisis between Russian and the United States.

The latest attack crippled some of the systems in the organization, while the rest were taken offline out of an abundance of caution. As such, whatever could return to manual has gone “old school,” and farmers of the cooperative are now using pen and paper for measuring grain moisture content, truck weight, etc. Some systems, though, like the animal feeding systems, don’t have very effective workarounds as the livestock is too populous to handle with the existing workforce and without automation, so the cyberattack has had a considerable impact on the speed of all processes.

According to what was made known thanks to deep web intelligence firms, the attack unfolded during the weekend, which is typical, and the ransom that is demanded by the organization was set to $5.9 million, threatening to double the amount in five days if a resolution isn’t reached by then. The actors raise the extortion heat by threatening to leak the files they stole from ‘New Cooperative,’ including employee information, financial documents, R&D stuff, source code, and more.

Because ‘New Cooperative’ is so crucial in the food supply of the state of Iowa and the country in general, the crosstalk that has leaked is interesting. The company representative basically warns ‘BlackMatter’ that they hit an entity that should be excluded based on the agreements made between the two presidents a few months ago. The actor said ‘New Cooperative’ doesn’t fall under the rules, so the approach to extortion remained unchanged.

https://twitter.com/ido_cohen2/status/1439863554606305286

Interestingly, we have checked BlackMatter’s Tor portal today, and the entry is no longer there. Possibly, the actors have decided that they bit more than they could chew, or they took the negotiations to a more private space.

Jake Williams, Co-Founder and CTO at BreachQuest, told TechNadu:

Although ‘BlackMatter’ says it will not target “critical infrastructure facilities”, the definition the group uses in its blog is different from the US government’s definition of critical infrastructure, which would include New Cooperative. Given that the Biden administration is already telegraphing more oversight and regulation around paying ransoms, impacting yet another critical infrastructure target certainly won’t help the situation for threat actors. They may view New Cooperative as an IT company, possibly owing that distinction to the SoilMap software product. Ironically, this distinction would be meaningless to the administration since the information technology sector is also considered a critical infrastructure under the designations from DHS and CISA.

Latest
How to Watch Shooting Stars Online from Anywhere
The Basketball legend and his old team used to be young men with big dreams entering the basketball world. But they endured...
How to Watch With Love Season 2 Online from Anywhere
It looks like With Love Season 2 is promising fans romance, drama, and loads of surprises for the Diaz family, starting with...
How to Watch Britain’s Got Talent 2023 Online Free: Live Stream BGT Season 16 From Anywhere
Britain's Got Talent returns in 2023 with a brand new awesome season, and you’ll be able to stream the show online from...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari