The US agricultural supplier NEW Cooperative was attacked by ransomware and the system was forced to go offline. The ransomware group BlackMatter demanded a ransom of US$5.9 million;
NEW Cooperative claims that its software provides food and feed support for 40% of the livestock raised in the United States. If the system cannot be restored in time, it will disrupt the existing food supply chain;
BlackMatter replied that agriculture is not a critical infrastructure and cannot be immune to attacks.
New Cooperative, a U.S. agricultural supplier based in Iowa, was attacked by ransomware and the system was forced to go offline. The BlackMatter gang behind the scenes demanded that the victim pay a ransom of US$5.9 million.
The agricultural organization stated that if the system cannot be resumed in time, the attack is likely to have a serious impact on the supply of food, pork and chicken to the public.
BlackMatter said it will not attack the base, but agriculture is not included
According to screenshots released by threat intelligence analysts, the ransomware group BlackMatter has launched a ransom attack on NEW Cooperative and demanded that the other party pay $5.9 million to unlock encrypted data.
A representative of NEW Cooperative seems to have stated to BlackMatter in private negotiations, “You claim that you will not attack critical infrastructure. We belong to critical infrastructure… are closely intertwined with the US food supply chain. If we cannot recover quickly , The grain, pork and chicken supply chain will be severely and widely affected.”
The agricultural organization emphasized that there are currently 11 million livestock living in feedlots in the United States, and their software provides food production and feed support for about 40% of them. If their systems cannot be brought back online quickly, then U.S. federal-level regulatory agencies such as the Cybersecurity and Infrastructure Security Agency are likely to actively intervene.
BlackMatter responded that they believe that agricultural organizations do not fall into the category of “critical infrastructure.”
We saw a note on the BlackMatter dark web data breach website, which mentioned that the BlackMatter group will not attack hospitals, oil and gas companies, non-profit organizations, government organizations, and defense agencies. If the gang accidentally encrypts computers belonging to these organizations, victims can apply for free unlocking. But according to BlackMatter’s standards, the scope of “critical infrastructure” is limited to power plants and water treatment facilities.
BlackMatter claims that it will not launch attacks on critical infrastructure.
Victims cooperate with law enforcement agencies and security experts
NEW Cooperative stated that it has reported the situation to law enforcement agencies and hired data security experts to conduct investigations and remediation.
At the same time, they also shut down the system to prevent the attack from spreading further. A spokesperson for NEW Cooperative said in an interview, “We recently discovered a network security incident affecting some equipment and systems in the enterprise. Out of prudent consideration, we took the initiative to take the system offline to curb the spread of threats. It can be confirmed that the current attack has been successful. contain.”
We also noticed that the SOILMAP project launched by the company is currently not in normal use. SOILMAP is a set of agronomic software solutions that provide functions such as soil testing, mapping and streamlining accounting, which can help suppliers improve food production efficiency.
Further conversations between BlackMatter and the victim organization shared by cybersecurity intelligence expert Dmitry Smilyanets showed that the organization was unwilling to cooperate with NEW Cooperative to find a solution.
Records of negotiations between NEW Cooperative and the BlackMatter ransomware group.
The representative of NEW Cooperative told the attacker, “I’m not threatening you. The situation is beyond our control. We can’t prevent regulators and the U.S. government from tracing to the end. The impact of this attack may be greater than the previous fuel pipeline paralysis. More serious. Given the damage that has already been done, we cannot influence subsequent developments.”
Prior to this, JBS, the world’s largest meat processor, had been attacked by ransomware, and the company was forced to pay a ransom of US$11 million to the REvil group.
BlackMatter itself is also related to the DarkSide blackmail group that had previously attacked the Colonial Pipeline Company, but then disappeared.
According to John Shier, senior security consultant at Sohpos, “The most noteworthy point of this attack is that NEW Cooperative insists that it belongs to the category of critical infrastructure and therefore should be protected in accordance with the principles proposed by BlackMatter. However, the BlackMatter group does not agree with this statement. , Insisting on asking victims to pay. This attack is also equivalent to a test, testing how the U.S. government reports and handles such attacks under the guidance of the Cyber and Infrastructure Security Agency and the new policies of the Biden administration.”