By SecureWorld News Team
Tue | Sep 21, 2021 | 3:15 AM PDT

Just two weeks ago, SecureWorld News reported on 5 Ransomware Attacks Targeting Food and Agriculture.

Now, there are two more attacks on the farm supply chain to add to the list.

A Russia-based ransomware gang by the name of BlackMatter hit Iowa grain co-op New Cooperative, Inc. over the weekend. BlackMatter is reportedly demanding $5.9 million in ransom. 

New Cooperative took company systems and devices offline to help contain the threat.

The grain cooperative supplies feed for farm animals and food for people across the country.

"This is a very clear attack on an organization that is part of our critical infrastructure. This could result in disruptions to food delivery in parts of the country," said Allan Liska, a senior analyst with U.S. cybersecurity firm Recorded Future, who helped investigate the attack.

In addition to planning with customers to make sure their animals have enough feed, New Cooperative is entering its busiest time of the year—harvest. 

"They [ransomware gangs] have got you boxed into a corner. Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans," Don Roose, President of U.S. Commodities, told Reuters.

The attack also extends beyond the supply chain to proprietary technology and data, says agriculture publication FarmProgress:

"According to a post on BlackMatter's website, the ransomware group has stolen New Cooperative's financial information, human resources data, research, and development information and source code for its 'SoilMap' product, a technology platform for agricultural producers. A message on SoilMap's website says the product is currently unavailable."

Another co-op, Crystal Valley Cooperative, was the second farm cooperative to be targeted by ransomware. An investigation is currently underway to provide more details about the attack.

Who is BlackMatter?

This is not BlackMatter's first rodeo when it comes to ransomware attacks. BlackMatter has been blamed for several major attacks this summer, even going as far as to say they are offering attacks that could be considered "the greatest hits" similar to operations of the REvil or DarkSide groups.

It has also been said that BlackMatter features members of those gangs and is spreading out its operations. However, it is unclear whether they are simply fans of the work or if BlackMatter is in some way an extension.

Just last week, BlackMatter hit the Japanese tech company Olympus. According to a statement from Olympus:

"Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners."

Like many of the ransomware gangs, the primary motive for BlackMatter is clear: moolah. "We are a team that unites people according to one common interest—money," the group posted on its website.

One of BlackMatter's tactics is threatening its victims with data leaks, and its preferred method of payment is cryptocurrency, which is easily transferred across the planet.

Large organizations across all sectors, from healthcare to real estate, are being warned to be on high alert due to the elevation of cybercrimes from groups like this one.

Crystal Valley Cooperative also gets hit by ransomware

SecureWorld received a tip about a second farm co-op attack this week at Crystal Valley Cooperative. At the time of publishing, Crystal Valley's website was down and could not be accessed. 

According to the co-op's official Facebook page, the attack interfered with their ability to accept payments from certain credit card companies, although local cards were still working.

"Crystal Valley has been targeted in a ransomware attack," the post reads. "The attack has infected our computer systems and interrupted the daily operations of our company ... As we continue to navigate through this with the help of experts, we appreciate your patience and understanding. We will continue to update with information as it becomes available." 

This story was updated on September 23 to include the details of this ransomware attack. 

How do you fight against ransomware attacks?

Ransomware has been on everyone's radar this year, not simply for the number of attacks but also because of risk mitigation efforts.

Colonel Cedric Leighton, a CNN analyst and former cybersecurity leader in the U.S. Air Force, was a featured guest on The SecureWorld Sessions podcast addressing cyberattacks like JBS Foods and Colonial Pipeline. 

"The instrument of choice in these cases was ransomware. But you can't see it as an isolated incident because ransomware is actually part of a broader strategy. When you look at the way in which these operations were conducted, and the strategy that was involved, it was clearly to go after elements of the critical infrastructure," said Col. Leighton.

Tune into the podcast to listen to the full-length interview if you have not already.

From not paying the ransom, to government intervention, to regulating cryptocurrency, there are many measures being discussed to get ahead of ransomware.

And how does the U.S. government view this challenge? 

Jeremy Sheridan, Assistant Director of the U.S. Secret Service, will give a fireside chat on ransomware at the SecureWorld Great Lakes virtual conference, explaining how ransomware is an evolution of cybercrime. He also discusses what organizations of all types should be doing to mitigate the risk.

[RESOURCES] Are you working out a ransomware risk management program for your organization? Catch our experts speaking about ways to counter the threat of ransomware by registering for these webinars:
Ransomware and Your Network, a Prescription for Stronger Defense
Ransomware in 2021: 31 Leak Sites, 2,600 Victims.
