BlackMatter ransomware attacked American farmers from NEW Cooperative

BlackMatter attacked NEW Cooperative

The BlackMatter ransomware attacked NEW Cooperative, an American farmers' organization that produces feed and grain and also works in agronomy, energy, and software for farmers.

The hackers demanded $5.9 million for the decryptor and said the amount would rise to $11.8 million if the ransom was not paid within five days. In case of non-payment, the attackers also threatened to disclose the data stolen from the victim (more than 1000 GB was allegedly stolen).

Bleeping Computer reports that NEW Cooperative representatives have already confirmed the attack and said they have shut down their systems for now to contain its spread. Currently, the threat has been “successfully localized”, and NEW Cooperative is investigating the situation together with law enforcement agencies and information security experts.

Based on the group’s website, the attackers claim to have stolen the source code of the soilmap.com project, research and development results, confidential employee information, financial documents, and the KeePass password manager database.

Interestingly, judging by screenshots posted on Twitter of the correspondence between NEW Cooperative and the ransomware operators, the victims asked the hackers why they were attacked at all, because NEW Cooperative is considered part of critical infrastructure, and the attack could lead to disruptions in the supply of grain, pork and chicken.

It is worth recalling that in the summer of this year, the DarkSide ransomware attacked Colonial Pipeline, the largest US pipeline operator, which transports fuel. The fallout from that attack, which led to an emergency regime being introduced in a number of states, became the straw that broke the camel's back: law enforcement attention to ransomware increased, and hacker forums rushed to ban ransomware advertising. Since then, many ransomware operations have strictly prohibited their “partners” from attacking critical infrastructure, medical facilities, governments of several countries, and so on.

And while BlackMatter has similar bans, the attackers responded that NEW Cooperative “does not fall under these rules,” and threatened to double the ransom if the company did not change its approach to negotiations.

“I am not threatening you. It is simply beyond our power. We cannot control the actions of regulators and the US government. The consequences of this attack are likely to be much worse than the attack on the pipeline, and we have no control over this given that [the attack] has already led to disruptions. I’m just saying so you don’t seem surprised because you don’t seem to understand who we are and what role our company plays in the food supply chain,” a spokesman for NEW Cooperative wrote to the hackers.

The BlackMatter representative answered this very succinctly:

Nobody will give you a decoder for free, look for money.

It should also be said that many information security specialists believe that BlackMatter is a revived DarkSide, that is, a ransomware created by the same authors. Because of this, the cybersecurity community now jokes that by attacking NEW Cooperative, DarkSide operators again made the wrong choice.

By Vladimir Krasnogolovy
