Iowa Farmers’ Co-Op Victim of BlackMatter Ransomware
- By Dawna M. Roberts
- Published: Sep 30, 2021
- Last Updated: Mar 18, 2022
Despite the government’s warning to hackers to avoid targeting infrastructure, the new and improved BlackMatter ransomware recently crippled an Iowa farmers’ cooperative, demanding $5.9 million to release its files.
DarkSide Lives Again
The previous defunct DarkSide gang has reemerged and used its BlackMatter ransomware against an Iowa farmers’ co-op network this past weekend, demanding $5.9 million in ransom. The ransom note says that if the ransom is not paid within five days, the ransom will increase to $11.9 million. Hackers promise a decryptor key to unlock the files if the ransom is paid.
According to Threatpost,
“The Iowa-based organization is a feed and grain cooperative, with 50 locations. It provides a variety of digital and software services to its network of farmers. As a result of the attack, it had to shut down its operations and also faces the threat of BlackMatter leaking stolen data if it does not pay the ransom, according to reports. This method of double extortion is now common and a hallmark of the former DarkSide group; whose members are believed to now be running the show at BlackMatter.”
A spokesperson for the network told Bleeping Computer that to mitigate the attack, they immediately took all systems offline. The network also notified the public, “NEW Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems.
“Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
The NEW Cooperative network has paired up with cybersecurity forensic experts and law enforcement to investigate the attack and mitigate the damage.
Going Against Government Warnings
Despite President Biden’s warnings to cybercriminals to stay clear of infrastructure companies, the warnings appear to have fallen on deaf ears.
Threatpost explains,
“The attack comes on the heels of another major attack attributed to BlackMatter on Japanese tech giant Olympus, which occurred Sept. 8. The group—which operates as a ransomware-as-a-service operation—is picking up where DarkSide left off, according to security experts. The former ransomware group, which ceased activity months ago, is believed to be behind a number of successful attacks and even inspired copycat activity.”
The original DarkSide gang is responsible for the Colonial Pipeline attack. Security experts believe that warnings like those that come from the White House are not enough. Stronger action will be needed to control attacks on public-serving entities. Threat experts believe that the attack indicates a lack of respect for the president and his administration.
In a report from Bloomberg, the DarkSide gang commented on the attack and said ‘the coop doesn’t count as critical infrastructure because “the volumes of their production do not correspond to the volume to call them critical.”
Will New Cooperative Pay Up?
The federal government has warned all ransomware victims not to pay any ransom, or they could face government sanctions. However, the question of whether or not New Co-op will pay or not is still undecided. If they cannot retrieve their data any other way, they may be forced to do so.
Conversations leaked on Twitter between the Co-op and attackers suggest that the company firmly believes that it “falls under the government’s critical infrastructure umbrella because of the potential disruption to the food supply chain.”
New Cooperative said
“If we are not able to recover very shortly, there is going to be very very [SIC] public disruption to the grain, pork and chicken supply chain,” the cooperative told BlackMatter, adding that 40 percent of grain production runs on its software and the feed schedules of 11 million animals rely on the organization.”
