BlackMatter Ransomware Hits New Cooperative
The Ransomware Group Asked for a $5.9 Million Ransom.
The Iowa-based farm service provider has been hit with a ransomware attack. The company confirmed to Bloomberg News that it suffered a “cybersecurity incident” impacting some of its devices and systems.
New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.
The BlackMatter ransomware group claims to have taken 1,000GB of data.
Multiple security researchers leaked chats between negotiators for New Cooperative and BlackMatter operators.
The BlackMatter threat actors appear to be refusing to back down, saying only financial losses will be incurred from the attack. The leaked discussions show that New Cooperative said it would have no choice but to contact CISA if it was not back up and running within the next 12 hours.
Ransomware groups have not stopped their attacks on the agriculture industry, even though the FBI released a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains.
Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack.
Former CIA cyber official Marcus Fowler told the news publication ZDNet that this attack is the fourth crippling and high-profile attack on US critical infrastructure in recent months.
What’s more, if BlackMatter truly is DarkSide 2.0, then this is evidence that the President’s talks and warnings have had little impact. Based on the details currently available, there are striking parallels between this attack and the recent campaigns against Colonial Pipeline and JBS.
Just like in these instances, New Cooperative took their operational technology (OT) systems offline as a precautionary measure to an IT side attack. We still need to get better at securing OT.
According to Jake Williams, BlackMatter seems to be a branch of the REvil gang and has been aggressively recruiting for initial access into victim networks in recent months.
Others, such as Lookout’s senior manager Hank Schless, believe BlackMatter is linked to DarkSide, the organization responsible for the attack on Colonial Pipeline.
According to some experts, ransomware organizations are ignoring law enforcement warnings because ransomware attacks against farm firms are lucrative and costly.
Companies working in the agricultural sector are particularly susceptible to ransomware activity as the harvest and fertilization of crops is highly sensitive to external factors. This typically involves weather changes and time of the year; however, any delays caused by a ransomware attack could result in a significant loss of productivity and in turn lead to huge amounts of crops being wasted.
The attack also comes at a time when COVID has resulted in a global shortage of truck drivers, which is impacting food supply chains.