‘Russian’ Ransom Gang Targets Big Agri Co-op—Food Shortages Ahoy?

NEW Cooperative got hacked by BlackMatter ransomware gits. The Iowa-based agriculture cooperative is facing a $5.9 million ransom.

BlackMatter is said to be DarkSide reborn. Those were the scrotes who took down Colonial Pipeline. And now they’ve nuked another bit of the nation’s critical infrastructure.

Will it prompt the retaliation President Biden promised? In today’s SB Blogwatch, we head for the hills and grow our own.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: evil brand mystique.

The Next Colonial?

What’s the craic? Let’s be Frank Bajak—“Iowa farm cooperative hit by ransomware”:

Critical infrastructure
A ransomware attack by the BlackMatter gang forced NEW Cooperative, an association of Iowa corn and soy farmers, to take their systems offline. … A person close to the business … with knowledge of the case, speaking on condition they not be further identified [said] it created workarounds to receive grain and distribute feed.

The attack hit just as Iowa’s corn and soy harvesting is getting under way. … BlackMatter threatened to publish 1 terabyte of data it claimed to have stolen from New Cooperative if its ransom demand was not paid.

Security researchers believe BlackMatter may be a reconstituted version of the ransomware syndicate DarkSide that disrupted the Colonial Pipeline last spring. … BlackMatter claims on its darkweb site not to target critical infrastructure, though many would argue that New Cooperative is exactly that.

Indeed, many would. Careful with that Ax Sharma—“$5.9 million ransomware attack on farming co-op may cause food shortage”:

Food production process
The farming cooperative [said] the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online. … The farming organization says its software powers about 40 percent of grain production and feed schedules of 11 million farm animals.

The cooperative’s SOILMAP project is currently unavailable. SOILMAP is an agronomic software solution providing soil testing, mapping, and streamlined accounting features to help suppliers bring greater efficiency to their food production process.

Whodunit? Mark Joseph Marks’ words—“Russian hackers”:

Direct provocation
The last time I wrote about a security incident in my home state of Iowa, everyone was angry at a company named Shadow and no one had any idea who won the caucuses. Seems like a decade ago.

President Biden threatened retaliation if Russian hacking gangs don’t steer clear of U.S. critical infrastructure. … BlackMatter, the Russian criminal hacking gang that hacked NEW Cooperative … appeared to mock the cooperative’s claim it counted as critical infrastructure in an online chat, warning “everyone will incur losses.”

The attack is less damaging than dozens of other ransomware hacks that have hit schools and small businesses in recent months without prompting any significant attention from the federal government. On the other hand, it represents a direct provocation from one of the United States’ toughest adversaries.

O RLY? Jordan83 ridicules that response:

Ridiculous
If food distribution and everything related to it is not “critical infrastructure,” then I don’t know what is. … It’s arguably even more critical than power at its most basic level. This is ridiculous.

And then the next shoe dropped. Here’s Jonathan Greig—“650+ breached credentials from NEW Cooperative employees”:

One of the easiest ways
Researchers … found 653 instances of breached credentials connected to NEW Cooperative. The password “chicken1” was common among … employees.

The firm’s current executives also had passwords that had been leaked. … Dozens of studies—and previous ransomware incidents or breaches—have shown that [credential reuse is] one of the easiest ways cyberattackers routinely gain access to systems.

How many more of these stories? andygoblins knows:

Shareholders love it
Too many. Most companies are filled with execs who believe, “It won’t happen to us,” and then cut their tech budget because … shareholders love it when you cut operating costs.

ikr? And u/red2play agrees:

Too late
Pay me now or pay me later. Companies don’t take cybersecurity seriously until it’s too late.

Up ’til now, dave99’s been scared to say:

Hammer dropped
Unpopular opinion I’m sure, but this is why the entire cryptocurrency arena needs significant regulation, ASAP. I know there are some legit. uses of it, but let’s be honest, the bulk of it is just financial speculation, and some other significant part is for illicit purposes.

And the other part is ransomware needs to be treated as terrorism, and those connected to facilitating terrorism—any exchanges, foggers and mixers that process transactions related to ransomware—get the hammer dropped on them.

Meanwhile, what if it wasn’t Russia? Here’s a slightly sweary u/SomeRandomPlant:

****ing bastards probably hired by Monsanto or some ****. Farmers already have it bad enough.

Want more food shortages you dumb*****?

And Finally:

How does the new Chapel BiPhone 13 make you feel?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Vlad Stawizki (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
