The US cybersecurity agency CISA, the FBI and the NSA have officially blamed the ransomware group BlackMatter for the latest attacks on two agricultural companies. They confirm the assessments of some security researchers, according to which the group is behind the incidents at New Cooperative and Crystal Valley in September.
New Cooperative – an Iowa-based agricultural services provider – was hit by a ransomware attack on September 20th. BlackMatter requested a $ 5.9 million ransom. Crystal Valley, based in Minnesota, was attacked two days later. Both attacks came at a time when farmers were starting to harvest.
The CISA, FBI and NSA announcement states that BlackMatter has attacked several critical US infrastructure facilities since July. The opinion provides a detailed examination of BlackMatter’s tactics and describes how the group typically attacks organizations.
Law enforcement agencies believe that BlackMatter operates as ransomware-as-a-service and may be a rebranding of DarkSide, a ransomware group that allegedly ceased operations in May after an attack on Colonial Pipeline.