BlackMatter, successor to Colonial Pipeline hacker DarkSide, is believed to be behind the attack
U.S. grain, pork and chicken supplies could be at risk after a ransomware attack on New Cooperative Inc., which took the Iowa-based agricultural services provider’s systems offline.
“With great care, we have actively taken our systems offline to prevent the threat, and we can confirm that it has been successfully controlled,” a New Cooperative spokesperson told The Wall Street Journal.
A spokesperson for New Cooperative did not immediately return Granthshala Business’s request for comment.
Security researchers say the attack was carried out by ransomware group BlackMatter, which allegedly encrypted New Cooperative’s data and stole 1,000 gigabytes worth of files, including invoices, research and development documents, and the source code of its soil-mapping technique. The hacking group is seeking a $5.9 million ransom in exchange for a tool to decrypt the data.
According to screenshots shared by Darkfeed Threat Intelligence of talks between BlackMatter and New Cooperative on Sunday, the agriculture group said there would be “very public disruption in the grain, pork and chicken supply chain” if it were not able to fix its systems immediately.
Founded in July 2021, BlackMatter claims to incorporate “best of features” from Russian ransomware groups DarkSide, REvil and LockBit, according to Recorded Future.
On its website, BlackMatter advertises the purchase of access to corporate networks in the US, Canada, Australia and the UK. The group targets companies with revenues of $100 million or more that have between 500 and 15,000 hosts on their network.
BlackMatter offers a $3,000 to $100,000 price range for network access, as well as a share of the potential ransom amount.
BlackMatter’s website emphasizes that the group does not attack “critical infrastructure” including hospitals, nuclear power plants, water treatment facilities, oil pipelines and refineries, the defense industry, nonprofits and the government sector.
Although New Cooperative states that it is considered critical infrastructure as defined by the Department of Homeland Security, BlackMatter argues that it “does not fall within its rules,” according to the screenshots.
Before offering to come to an agreement to resolve the situation, the group said, “Everyone will only suffer. Everything is connected with commerce, important people mean one person’s vital needs, and you make money.”
New Cooperative warned BlackMatter that it would have to contact the Cybersecurity and Infrastructure Security Agency (CISA) and other regulators about the attack.
In an exchange of additional messages between the parties, shared on Twitter by Dmitry Smilyanets of Recorded Future, BlackMatter writes, “Don’t threaten us, otherwise you’ll stay without decryption,” before threatening to double the price of the ransom payment.
New Cooperative responded that the situation is “quite out of our hands,” adding that it “cannot control what regulators and the US government do.”
“The impact of this attack will probably be worse than the pipeline attack for the sake of context,” said New Cooperative, referencing the Colonial Pipeline attack. “We have no way of controlling it because it has already caused disruption.”
“No one will give you the decryptor for free,” BlackMatter replied. “Look for the money.”
As the frequency of ransomware attacks rises in 2021, the Biden administration has called on the private sector to help “raise the bar on cybersecurity.” Biden also put Russian President Vladimir Putin on notice, listing 16 critical infrastructure entities that are “out of range” for Russian cyber attacks.
Entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defence, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.
An FBI spokesman said the agency is aware of the attack on New Cooperative, but declined to comment further. A CISA spokesperson declined to comment.