The ransomware gang BlackMatter launched an attack on Iowa-based agricultural services provider NEW Cooperative, which forced the company to take its operations offline. News of the attack began to circulate on Twitter on September 20, as details emerged of a $5.9 million ransom demand in exchange for the decryption key.
The BlackMatter group is thought to have formed earlier this year from former members of the DarkSide and REvil groups. NEW Cooperative has since confirmed the attack in a statement to the media. “In an abundance of caution, we have proactively taken our systems offline to contain the threat,” the company said, adding that it had notified law enforcement.
Latest Threat to Food Supply
News of the attack comes just weeks after the FBI issued a Private Industry Notification warning of increased ransomware attacks targeting the food and agriculture sectors. It also follows successful attacks against the global meat processing company JBS, which forced the shutdown of its processing plants in the U.S.
The FBI and other federal agencies classify food and agriculture as part of the country’s critical infrastructure. Indeed, the BlackMatter group itself claims to avoid attacking any organization that is part of a country’s critical infrastructure. But the group refused to acknowledge NEW Cooperative as critical infrastructure in negotiations with the company.
NEW Cooperative told the group that it is working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and that refusal to decrypt company servers could lead to dire consequences. “If we are not able to recover very shortly, there is going to be a … disruption in the grain, pork and chicken supply chain.”
BlackMatter claims to have exfiltrated a terabyte of NEW Cooperative data in the ransomware attack, including source code for its soilmap.com project and other sensitive company and employee data. It posted screenshots of some of this data on a private leak site. In return for the $5.9 million in ransom, BlackMatter has promised to provide a decryption key and not to leak company data.
Critical Security for Critical Infrastructure
Ransomware attacks have become all too common across all industrial sectors, from municipal water supplies to gas and oil pipelines. Most troublesome are those that target infrastructure where disruptions to service could have a disastrous impact on public safety. The brief shutdown of JBS processing plants led to shortages and price spikes.
Safeguarding industrial control systems and IT networks requires multiple layers of security, from offline encrypted backup and external storage systems to remote drive management and USB port-blocking technology. The sophistication of cyberattacks on computer networks continues to evolve. Your data security has to keep pace. SecureData can help.