On Monday, New Cooperative, an Iowa-based agricultural group, confirmed that it recently became the victim of a multimillion-dollar ransomware attack by a Russian-linked cyber-gang called BlackMatter.
This marks the fourth cyber-attack on a U.S. critical infrastructure sector. Researchers believe that BlackMatter is tied to REvil group, which was believed to be responsible for the May ransomware attack on JBS, one of the world’s largest meat processing companies.
While New Cooperative has not disclosed the extent of the infiltration, security researchers report that BlackMatter claims to have 1TB of the company’s data, which ranges from its employee’s human resources information to the source code for its “SoilMap” software, a technology platform for agricultural producers.
BlackMatter stated on their dark web sites that New Cooperative does not fall under the critical sectors that President Biden listed as off-limits to ransomware and are demanding
a $5.9 million ransom to be paid by September 25. In response to the attack, New Cooperative has gone offline to contain the threat and is in communication with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA). However, as one of the largest farm cooperatives in the U.S., there may be regional disruptions in supply and delivery.
Earlier this month, the FBI released a report warning the food and agricultural sector of targeted ransomware attacks. The report noted both small and large entities as being vulnerable for attacks. As ransomware threats increase, it is important that companies:
– Create regular backups of crucial data
– Ensure all patches are up to date on company devices
– Limit accounts with administrative privileges
– Commission scanning and testing services to detect exposures to threats and vulnerabilities
– Restrict personally owned devices within the network