While the Biden administration is severely trying to curb ransomware attacks, threat actors continue to target the critical infrastructures in the country. Farm services provider NEW Cooperative is the latest victim to join the bandwagon of ransomware attacks. The Iowa-based company stated that a security incident paralyzed its operations, affecting several U.S. farming chains that began to harvest.
“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained. We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation,” the company said in a media statement.
NEW Cooperative provides grains, feeds, fertilizers, seed resources, technology platforms, and crop protection services to several farming cooperatives across the north, central, and western Iowa.
Ransomware Risks to Agriculture Sector
It’s becoming increasingly common for ransomware operators to target critical infrastructure to disrupt essential services. The current ransomware attack has affected the operations of several grain storage elevators operated by NEW Cooperative. The timing of the security incident has caused more damage as many farmers had started their farming work.
The food supply chain in the country may be affected unless the NEW Cooperative systems go online.
BlackMatter’s Involvement?
While NEW Cooperative didn’t reveal the hackers behind the cyberattack, several security experts linked the attack to the infamous ransomware attack group BlackMatter. Reports suggest that BlackMatter operators compromised and infected NEW’s network systems and demanded a ransom of $5.9 million to restore the affected systems. BlackMatter is relatively a new ransomware-as-a-service group (Raas) suspected to be a successor of the infamous DarkSide ransomware group that went underground after the attack on Colonial Pipeline.
Negotiations with BlackMatter
As per a leaked private negotiation between the NEW officials and BlackMatter operators, the attackers refused to decrypt the affected systems citing that NEW Cooperative doesn’t come under critical infrastructure.
🌐 BlackMatter #Ransomware group just ransomed another food critical infrastructure in the US, The ransom demand is 5,900,000$ for now 🚨
The victim is playing by the rules: “@CISAgov is going to be demanding answers from us within the next 12 hours” 🧐#BlackMatter pic.twitter.com/Iciet8lhwQ
— DarkFeed (@ido_cohen2) September 20, 2021
Earlier, the BlackMatter group stated that they don’t attack critical infrastructures such as health care facilities, the defense industry, nuclear power plants, water treatment facilities, the oil and gas industry, non-profit organizations, and government agencies. They further claimed that if a victim is from the sectors above, they decrypt their files for free.