CISA, the FBI and the NSA released advisories on Monday to prevent ransomware intrusions into critical US entities, including two US food and agriculture sector organisations. The ransomware in question is BlackMatter, a ransomware-as-a-service (RaaS) tool.
The ransomware was first seen in July 2021, when threat actors used it with embedded, previously compromised credentials that let them access victims’ networks and remotely encrypt hosts and shared drives.
So far, BlackMatter actors have attacked several US-based organisations and have demanded exorbitant payouts of between $80,000 and $15 million.
BlackMatter or DarkSide’s return?
BlackMatter intruders first breached New Cooperative, an Iowa grain collective that ended up taking some of its systems offline. New Cooperative is still working on getting its systems back up in October.
The second attack hit Crystal Valley Cooperative, a Minnesota agriculture supplier that reported a breach but didn’t identify the attackers. According to Allan Liska, senior intelligence analyst at cybersecurity firm Recorded Future, BlackMatter was behind the attack and posted it on their extortion site.
Both attacks were followed by the third one at JBS, which forced the meat supplier to shut down its meat processing plants in June. The FBI pointed the finger at REvil this time around.
There’s a good chance that BlackMatter might just be a rebadged version of DarkSide, which attacked the Colonial Pipeline. The succession between DarkSide, REvil and BlackMatter reveals a pattern of private-sector research that can indicate internal links. However, DarkSide and REvil both disappeared after a series of major attacks.
“This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, in a notification put out by CISA. “CISA, FBI and NSA are taking every step possible to try to make it harder for cybercriminals to operate.”
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can follow Yadullah on Instagram or Twitter.