New Cooperative’s ransomware attack underscores threat to food and agriculture
Farm services provider New Cooperative recently suffered a ransomware attack that forced it to take systems offline. The attack follows months of high-level US government debate about how to address ransomware — and occurred days before US officials sanctioned the Suex cryptocurrency exchange.
New Cooperative is a farmer cooperative with 60 operating locations across north, central, and western Iowa. In addition to providing grain, the organization also offers feed, fertilizer, crop protection, and seed resources. The attack struck late last week, just as the US farming sector is preparing for harvest, and the group reportedly behind the attack demanded $5.9 million.
In response, the cooperative says it has reached out to law enforcement and has brought on data security experts to investigate and remediate the attack.
“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” officials say in a statement. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.”
The attack is connected to BlackMatter, an attack group that said in a statement on its website that it had stolen New Cooperative data. It claims to have taken financial information, human resources data, research and development data, and source code for New Cooperative’s SoilMap product, according to a Bloomberg report.
BlackMatter is believed to be connected with ransomware-as-a-service (RaaS) group DarkSide, an affiliate of which targeted Colonial Pipeline in a major ransomware attack earlier this year. When the newer group appeared in July, after DarkSide shut down its infrastructure and removed its members from criminal websites, it claimed to use the best tools from DarkSide and REvil. Sophos research shows that while factors suggest a connection between BlackMatter and DarkSide, “this is not simply a rebranding from one to another,” says researcher Mark Loman.
“In the hands of an experienced attacker, this ransomware can cause a lot of damage without triggering many alarms,” he writes in a blog post.
It’s becoming increasingly common for ransomware groups to disband and regroup under a different alias as a brighter spotlight shines on ransomware campaigns as a global problem, says Hank Schless, senior manager of security solutions at Lookout.
“These ransomware groups figure out repeatable models, so it would make sense that the tactics of an offshoot group are very similar to those of the original organization,” he says. “There may be nuanced changes to avoid immediate detection under the new group name.”
Will The Biden Administration Act?
President Biden met with Russian President Vladimir Putin earlier this year and, as part of that conversation, presented a list of industries that constitute critical infrastructure in the US. If the entities, which included food and agriculture companies, were to be targeted by Russian cybercriminals, it would be considered a serious national security threat. Critical infrastructure also includes the chemical sector, emergency services, energy, critical manufacturing, water, and healthcare.
To read the complete article, visit Dark Reading.