Government agencies including the NSA, FBI and CISA warn about the impact of the cybercrime group 'BlackMatter' ransomware on the food industry and agricultural organizations



October 19, 2021 (Monday)

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) have jointly warned that ransomware attacks developed by the cybercrime group 'BlackMatter' are having a significant impact on critical infrastructure in the United States, including the food industry and agricultural organizations.

BlackMatter Ransomware | CISA
https://us-cert.cisa.gov/ncas/alerts/aa21-291a



NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million - CyberScoop
https://www.cyberscoop.com/blackmatter-food-agriculture-ransomware-cisa-fbi-nsa/

FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks
https://www.bleepingcomputer.com/news/security/fbi-cisa-nsa-share-defense-tips-for-blackmatter-ransomware-attacks/

Feds Warn BlackMatter Ransomware Gang is Poised to Strike | Threatpost
https://threatpost.com/feds-warn-blackmatter-ransomware-gang-is-poised-to-strike/175567/


Protect yourself from BlackMatter ransomware: Advice issued - Malwarebytes Labs
https://blog.malwarebytes.com/ransomware/2021/10/protect-yourself-from-blackmatter-ransomware-advice-issued/

Stay Safe from BlackMatter Ransomware Attacks
https://heimdalsecurity.com/blog/how-to-stay-safe-from-blackmatter-ransomware-attacks/

Since around July 2021, BlackMatter ransomware attacks targeting US infrastructure have been frequent. A CISA-led security advisory on BlackMatter ransomware was released on October 14, 2021, and a warning about attacks on water and sewage facilities had only just been issued, yet only a few days later similar warnings have been issued to the food industry and agricultural organizations.

Eric Goldstein, executive assistant director of cybersecurity at CISA, said, 'BlackMatter ransomware locks targeted systems and demands a ransom of $80,000 to $15 million (about 9.2 million to 1.7 billion yen) in cryptocurrencies such as Bitcoin and Monero to unlock them.'



BlackMatter's ransomware is offered to cybercriminals as ransomware-as-a-service (RaaS), and the attacker and BlackMatter carry out attacks under an agreement to split the ransom. As a specific attack technique, it reportedly wipes (erases) backup data stores and appliances instead of encrypting them, and the countermeasures given include 'encrypting backup data', 'using strong, unique passwords' and 'using multi-factor authentication'.

In addition, the security advisory mentions the possibility that BlackMatter ransomware is a rebrand of the RaaS offered by the cybercrime group 'DarkSide', which carried out the ransomware attack on Colonial Pipeline, the operator of the largest oil pipeline in the United States. There is also a research report that three groups are related: BlackMatter, DarkSide, and REvil, which launched a ransomware attack on a meat processing factory in June 2021.

America's largest oil pipeline shuts down due to ransomware attack, Biden administration declares emergency - GIGAZINE



The published security advisory does not reveal the names of the food industry and agricultural organizations that were targeted by the ransomware attacks, but the information on the attacks was released based on reports from victims and security analysis.

CISA hasn't given a specific organization name, but in September 2021, the Iowa-based agricultural company New Cooperative was attacked by BlackMatter ransomware and part of its systems went offline. It was reported that the food supply was temporarily stopped. In that incident, New Cooperative was asked to pay a ransom of $5.9 million (about 680 million yen).

Another agricultural supplier, Minnesota-based Crystal Valley, was also hit by a ransomware attack, but it has not been determined that the attacker was BlackMatter. However, Allan Liska, an analyst at cybersecurity firm Recorded Future, said that 'BlackMatter is behind the attack on Crystal Valley,' and has also released screenshots of sites mentioning the attack.

An interview with the cybercrime group BlackMatter about the current state of ransomware is summarized in the following article.

What is the current state of cybercrime and how to select an attack target, as described by ransomware developers? - GIGAZINE



in Software, Security, Posted by logu_ii