The U.S. farmers cooperative NEW Cooperative was hit by the BlackMatter ransomware gang, which is demanding a $5.9 million ransom.
The BlackMatter ransomware gang hit NEW Cooperative, a farmer’s feed and grain cooperative, and is demanding a $5.9 million ransom. The ransomware gang claims to have stolen 1,000 GB of data, including the source code for the soilmap.com project, financial info, network information, R&D results, sensitive employee information, legal and executive info, and a KeePass export. The ransomware operators are threatening to double the ransom if it is not paid in five days.
🌐 BlackMatter #Ransomware group just ransomed another food critical infrastructure in the US, The ransom demand is 5,900,000$ for now 🚨
The victim is playing by the rules: “@CISAgov is going to be demanding answers from us within the next 12 hours” 🧐#BlackMatter pic.twitter.com/Iciet8lhwQ
— DarkFeed (@ido_cohen2) September 20, 2021
NEW Cooperative told BleepingComputer that the ransomware infected some of its systems and that the organization has taken its systems offline to prevent the threat from spreading. The cooperative also claims to have successfully contained the threat.
NEW Cooperative notified law enforcement and hired cybersecurity experts to investigate the attack.
The BlackMatter group launched its operations at the end of July; the gang claims to be the successor of the Darkside and REvil groups. Like other ransomware operations, BlackMatter also set up a leak site where it will publish data exfiltrated from victims before their systems are encrypted.
The birth of the BlackMatter ransomware was first spotted by researchers at Recorded Future, who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, Exploit and XSS.
The group is recruiting crooks with access to the networks of large enterprises, which have revenues of $100 million/year or larger, in an attempt to infect them with its ransomware. The group is looking for corporate networks in the US, the UK, Canada, or Australia.
BlackMatter ransomware operators announced that they will not target healthcare organizations, critical infrastructure, organizations in the defense industry, and non-profit companies. In August, the gang implemented a Linux encryptor to target the VMware ESXi virtual machine platform.
The screenshots of the negotiation page shared on Twitter show that NEW Cooperative told BlackMatter that it is critical infrastructure due to its role in the food supply chain for grain, pork, and chicken.
The company said that about 40% of the grain production runs on its software and warned the ransomware gang that it would have to contact CISA and regulators about the attack.
“The impact of this attack will likely be much worse than the pipeline attack for context, and we have no way to control that given the disruption this has already caused,” a NEW Cooperative representative warned.
BlackMatter's response was negative: the group told the cooperative that they do not “fall under the rules.”
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine