21 September 2021

One of the biggest US agriculture groups hit by BlackMatter ransomware



New Cooperative, an Iowa-based farmers' feed and grain cooperative, was targeted by a BlackMatter ransomware attack, potentially endangering the operations of an organization key to the agricultural supply chain.

The attack took place over the weekend, with the threat actors demanding a $5.9 million ransom, which will increase to $11.8 million if it is not paid by September 25.

New Cooperative, which is among the largest U.S. farm cooperatives, has confirmed the cyberattack.

“NEW Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” said the company’s spokesperson.

In what appear to be screenshots, shared by security researchers, of a negotiation between a New Cooperative spokesperson and the threat actors, New Cooperative noted that 40 percent of the nation’s grain production runs through its software, and that the ransomware attack would lead to food supply disruption for grain, pork and chicken.

New Cooperative also said that they would contact regulators and CISA about the ransomware attack.

BlackMatter responded by saying “Do not threaten us” and that “no one will give you decrypters for free, look for money”.

On its darknet leak site, the group claims to have stolen 1GB of data, including the source code for the soilmap.com project, Android and iOS apps, R&D results, sensitive employee information, financial documents, and an exported database for the KeePass password manager.

The BlackMatter ransomware gang is thought to be a rebrand of the DarkSide ransomware that went silent after the attack that shuttered the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S.

