BlackMatter Ransomware Gang Pwns Grain Cooperative

Iowa-based grain cooperative New Cooperative was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. The threat actor is a ransomware group known as BlackMatter:

The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said. New Cooperative confirmed that they had been attacked and said they had contacted law enforcement and were working with data security experts to investigate and remediate the situation. 

“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” according to a statement from the cooperative. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.” New Cooperative has communicated with its feed customers and is working to create workarounds to get feed to animals while its systems are down, a person familiar with the matter said.

BlackMatter is apparently the successor to the DarkSide group, which was active and very “successful” earlier this year. What makes this attack really bad is that it is effectively an attack on America’s food supply, which means that if this group is state sponsored, this could be seen as an act of war. Thus it will be interesting to see what the White House does about this situation. In the meantime, if you don’t want to be the next company to get pwned, you should make sure your cyberdefenses are on point.

UPDATE: Marcus Fowler, Director of Strategic Threat at Darktrace, had this to say:

The ransomware attack on Iowa-based grain cooperative New Cooperative is the fourth crippling and high-profile attack on U.S. critical infrastructure in recent months. We can no longer tolerate cybercriminals forcing our public authorities and essential public services to bring their systems to a grinding halt while they hold organizations to ransom – we urgently need to fix fundamental problems.

The Biden Administration can aspire for certain sectors to be off-limits from hackers, but our nation’s infrastructure and businesses are too interconnected, and cyber-attackers today are too sophisticated for this to ever be a reality. What’s more, if BlackMatter truly is DarkSide 2.0, then this is evidence that the President’s talks and warnings have had little impact.

Based on the details currently available, there are striking parallels between this attack and the recent campaigns against Colonial Pipeline and JBS. Just like in these instances, New Cooperative took their operational technology (OT) systems offline as a precautionary measure to an IT side attack. We still need to get better at securing OT. Ransomware moves incredibly quickly in locking down files and bringing down digital systems – regularly too fast for humans to respond. Too often, organizations’ backs are against the wall in having to shut down because they lack visibility into where the attack is spreading and are concerned for safety.

The good news is that artificial intelligence is making leaps and bounds in both fighting back against ransomware and securing OT (like industrial equipment). Organizations hit with ransomware need an alternative solution beyond complete shutdown and payments to stop ransomware before problems turn into crises. Thousands of organizations across the U.S. have turned to self-learning AI in response to the rise in ransomware attacks and use the technology to gain visibility over their entire infrastructure.
