On October 19, 2021, a ransomware attack developed by the cybercrime group BlackMatter was launched by the U.S. National Security Agency (NSA), the U.S. Department of Homeland Security (DHS), cybersecurity infrastructure security agency CISA, and the Federal Bureau of Investigation (FBI) of critical U.S. interests, including food industry and agricultural organizations. They jointly warned that it is having a huge impact on infrastructure.
Since July, Black Matter ransomware attacks targeting US infrastructure have been frequent. The Black Matter ransomware attack came shortly after CISA-led warnings about attacks on water and sewage facilities were released on October 14, 2021, but similar warnings were issued a few days later for the food industry and agricultural organizations.
According to CISA, the Black Matter ransomware locks the target system and demands a ransom of between $80,000 and $15 million in cryptocurrencies such as Monero to unlock it.
Black Matter ransomware is provided to cybercriminals as RaaS, and the attacker and Black Matter agree to split the ransom in half. As a specific attack method, the backup data storage location and device are not encrypted. Countermeasures include encryption of backup data, use of strong unique passwords, and use of multi-factor authentication.
In addition, Black Matter ransomware could be a RaaS provided by Darkseid, a cybercriminal group that carried out a ransomware attack on the Colonial Pipeline, which operates the largest oil pipeline in the United States. There is also an investigation report that Black Matter and Darkseid have a relationship with three organizations, including the organization (REvil), which attacked a meat processing plant with ransomware in June.
According to the public security advisory, the names of the food industry and agricultural organizations targeted by the ransomware attack were not disclosed, but information about the ransomware attack was not disclosed according to reports and security analysis, including the victim organization.
CISA did not mention the name of the organization, but reported in September that New Cooperative, an agricultural company based in Iowa, suffered a Black Matter ransomware attack and temporarily stopped supplying offline food to some of its systems. . At this time, the company said that it was asked for a ransom of $5.9 million.
Another Minnesota agricultural supplier, Crystal Valley, is also being attacked by ransomware, although it has not been confirmed that the attacker was Black Matter. However, a cybersecurity company official said Black Matter was behind the attack on Crystal Valley and is also releasing a screenshot of the site that mentions the attack. Related information can be found here.