The BlackMatter ransomware attacked NEW Cooperative, an American farmers' organization that produces feed and grain and also works in agronomy, energy and software for farmers.
The hackers demanded $5.9 million for the decryptor and said the amount would rise to $11.8 million if the ransom was not paid within five days. In case of non-payment, the attackers also threatened to disclose the data stolen from the victim (more than 1000 GB were allegedly stolen).
Bleeping Computer reports that NEW Cooperative representatives have already confirmed the attack and said they have shut down their systems for now to contain its spread. Currently, the threat has been “successfully localized”, and NEW Cooperative is investigating the situation together with law enforcement agencies and information security experts.
According to the group’s website, the attackers claim to have stolen the source code of the soilmap.com project, research and development results, confidential employee information, financial documents, and the KeePass password manager database.
Interestingly, judging by screenshots of the correspondence between NEW Cooperative and the ransomware operators posted on Twitter, the victims asked the hackers why they were attacked at all, because NEW Cooperative is considered part of critical infrastructure, and the attack could lead to disruptions in the supply of grain, pork and chicken.
It is worth recalling that in the summer of this year, the DarkSide ransomware attacked Colonial Pipeline, the largest US pipeline operator, which transports fuel. The attack, which led to a state of emergency being declared in a number of states, became the straw that broke the camel's back: law enforcement attention to ransomware increased, and hacker forums rushed to ban ransomware advertising. Since then, many ransomware operations have strictly prohibited their “partners” from attacking critical infrastructure, medical facilities, governments of several countries, and so on.
And while BlackMatter has similar bans, the attackers responded that NEW Cooperative “does not fall under these rules,” and threatened to double the ransom if the company did not change its approach to negotiations.
The BlackMatter representative answered this very succinctly:
It should also be said that many information security specialists believe that BlackMatter is a revived DarkSide, that is, ransomware created by the same authors. Because of this, the cybersecurity community now jokes that by attacking NEW Cooperative, the DarkSide operators have once again made the wrong choice.