BlackMatter gang demanded a $5.9M ransom from NEW Cooperative

The U.S. farmers cooperative NEW Cooperative was hit by the BlackMatter ransomware gang, which is demanding a $5.9 million ransom.

The BlackMatter ransomware gang hit NEW Cooperative, a farmers' feed and grain cooperative, and is demanding a $5.9 million ransom. The gang claims to have stolen 1,000 GB of data, including the source code for the soilmap.com project, financial info, network information, R&D results, sensitive employee information, legal and executive info, and a KeePass export. The ransomware operators are threatening to double the ransom if it is not paid within five days.

NEW Cooperative told BleepingComputer that the ransomware infected some of its systems and that the organization has taken its systems offline to prevent the threat from spreading. The cooperative also claims to have successfully contained the threat.

NEW Cooperative notified law enforcement and hired cybersecurity experts to investigate the attack.

The BlackMatter group launched its operations at the end of July; the gang claims to be the successor of the Darkside and REvil groups. Like other ransomware operations, BlackMatter also set up a leak site where it will publish data exfiltrated from victims before encrypting their systems.

The BlackMatter ransomware was first spotted by researchers at Recorded Future, who also reported that the gang is setting up a network of affiliates using ads posted on two cybercrime forums, Exploit and XSS.

The group is recruiting crooks with access to the networks of large enterprises, those with revenues of $100 million/year or larger, in an attempt to infect them with its ransomware. The group is looking for corporate networks in the US, the UK, Canada, or Australia.

BlackMatter ransomware operators announced that they will not target healthcare organizations, critical infrastructure, organizations in the defense industry, or non-profit companies. In August, the gang implemented a Linux encryptor to target the VMware ESXi virtual machine platform.

Screenshots of the negotiation page shared on Twitter show that NEW Cooperative told BlackMatter that it is critical infrastructure due to its role in the food supply chain for grain, pork, and chicken.

The company said that about 40% of grain production runs on its software and warned the ransomware gang that it would have to contact CISA and regulators about the attack.

“The impact of this attack will likely be much worse than the pipeline attack for context, and we have no way to control that given the disruption this has already caused,” a NEW Cooperative representative warned.

BlackMatter's response was negative; the group told the cooperative that they do not “fall under the rules.”

Author: Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine