BlackMatter has targeted multiple industries since July
By Diego Flammini
Federal agencies have officially linked cyberattacks on the U.S. ag sector to a group with Russian ties.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and National Security Agency (NSA) issued an alert about the hacker group BlackMatter and their roles in recent cyberattacks in the U.S.
“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture sector organizations,” the Oct. 18 document says.
BlackMatter’s ransoms demands have ranged anywhere between $80,000 to $15,000,000 in Monero and Bitcoiin.
One of those attacks affected New Cooperative Inc., out of Fort Dodge, Iowa.
BlackMatter compromised about 1,000 gigabytes of the organization’s data in September and demanded a $5.9 million ransom before returning access.
The company refused to pay the ransom, the Associated Press reported on Sept. 24.
Cybersecurity sources and other news outlets suggested BlackMatter conducted the attacks, but the U.S. report confirms the group’s involvement.
The group attacked another co-op in Minnesota days after the Iowa incident.
Crystal Valley informed its members and customers on Sept. 21 that two days earlier it had been the victim of a cyberattack.
“This attack has infected the computer systems at Crystal Valley and severely interrupted the daily operations of the company,” the co-op said in a Sept. 21 statement.
And since the federal agencies released the alert, the U.S. agri-food sector suffered another cyberattack.
On Oct. 20, Ferrara Candy, a Chicago-based company known for making Nerds, Red Hots and other candies, revealed that on Oct. 9 hackers demanded payment.
“Upon discovery, we immediately responded to secure all systems and commence an investigation into the nature and scope of this incident,” Ferrara said in a statement to ZDNet.
The company has since resumed production. Whether the company paid the ransom and who is responsible for the attack remains unknown.
CISA, the FBI and NSA provided tips and resources for users to use to protect themselves from any ransomware incidents.
These include two detection signatures available in the document.
“These signatures will identify and block placement of the ransom note on the first share that is encrypted, subsequently blocking additional (Sever Message Block) traffic from the encryptor system for 24 hours,” the agencies wrote.
Farms.com has contacted cybersecurity experts about why hackers are targeting the U.S. ag sector.
Visit VLinteractive.com to learn more about professional managed IT services that can help protect your agribusiness from cyberattacks and other digital security threats.