This hacking group infected the largest grain and meat supplier in the U.S. with ransomware; way more dangerous than Colonial Pipeline attack

A representative of the U.S. farmers’ cooperative NEW Cooperative has confirmed that the organization became the victim of a BlackMatter ransomware infection. The threat actors are reportedly demanding a $5.9 million USD ransom in exchange for handing over the decryption keys and not revealing the compromised information.

In addition, the hackers have threatened to increase the ransom amount to $11.5 million USD if the organization takes more than a week to make the payment. However, the hackers offer the possibility of lowering the payment a little if the representatives of the cooperative are willing to negotiate.

The organization confirmed the attack to some members of the cybersecurity community, adding that its affected systems were immediately isolated to contain the spread of the infection: “We recently identified a security incident affecting some of our devices, so we took proactive measures to mitigate the threat, which has happened successfully,” a representative noted.

NEW Cooperative also confirmed that the relevant authorities have already been notified about the attack, a step that governments recommend but that ransomware groups try to discourage with threats.

Although the representative says that the infection was detected immediately, another version claims that NEW Cooperative did not detect the incident until the BlackMatter operators published a statement on their dark web platform. Publishing such statements is a common practice among encryption malware operators, as it allows them to keep the pressure on victims.

In this post, the threat actors claim to have stolen an internal project’s source code, research and development reports, and other data, adding up to a total of 1,000 GB of sensitive information.

Regarding this malware variant, cybersecurity experts mention that BlackMatter could be a relaunch of the popular DarkSide ransomware, which shut down its operations after the massive attack on Colonial Pipeline. Since the group's appearance, BlackMatter operators have announced that they would not engage in attacks on critical infrastructure, including electric and nuclear power plants, water treatment facilities and other critical areas.

Finally, the hackers mentioned that the attack on a food company does not violate their own rules, since NEW Cooperative is not considered critical infrastructure, although the U.S. government might think otherwise.
