Today, Iowa grain company New Cooperative confirmed it was hit by a ransomware attack from BlackMatter, a relatively new ransomware group that is thought to be tied to DarkSide. The ransom was set at $5.9 million to decrypt 1,000 gigabytes worth of files, including invoices and R&D.
The company has taken its systems offline and is working with a cyber firm and law enforcement to investigate the damage further.
According to WSJ, "New Cooperative is working to transport grain to livestock and poultry farms that rely on it for feed supplies, a person familiar with the matter said."
There has been no indication whether the organization will pay the ransom.
Cyber experts weighed in on the situation and on this latest ransomware attack, which has real-world impact.
Danny Lopez, CEO Glasswall:
"Reports of ransomware hitting agricultural companies are especially troubling, given the importance of the work being done by these types of organisations.
Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.
Even if all procedures and policies are well executed, then there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that critical infrastructure organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.
Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free rein across a network once they are inside."
Ralph Pisani, President, Exabeam:
"Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behavior sheds light on the presence of ransomware and its precursor problems, yet far too few organizations are able to see the canary in the coal mine.
However, organizations that work to understand the cycle of compromise, taking the time to understand normal behavior, will uncover the intrusion as abnormal before it strikes. If organizations are serious about ransomware, they must up-level their capability to manage intrusions; a leading method is the adoption of behavioral analytics to detect behavioral deviation and spot malicious activity at far earlier stages of an attack.
Since ransomware is the product of earlier undetected intrusions, the window of opportunity for disruption and removal is small. Commodity security tools require too many static rules, generate far too many false positives, and do more harm than good. Organizations without advanced analytics will struggle getting ahead and are extremely vulnerable to the negative outcomes of ransomware."
Neil Jones, Cybersecurity Evangelist, Egnyte:
"The key lesson we can take from cyberattacks like the one on New Cooperative in Iowa is that no organization or industry is safe from cyberattacks, even when they are considered one of the U.S. government’s “critical sectors.” Senior executives and IT leaders need to be aware that no technological solution is 100% effective, but a large percentage of ransomware attacks can be prevented with diligent preparation. These types of security breaches occur on a regular basis, resulting in companies being targeted because of their significant impact on the nation's food supply and the mission-critical systems they rely on to communicate with farmers, food producers, and business partners during harvest time.
At the end of the day, all content and communications are vulnerable without proper data governance. It’s imperative that organizations begin with protecting the data itself. If secure file collaboration tools with Multi-Factor Authentication (MFA) are implemented correctly, they can render cybercriminals’ attacks ineffective. Deployed in a case like this one, where adversaries were able to infiltrate the organization's network and impact its mission-critical business activities, the systems would have been inaccessible to outsiders and the organization's valuable data would have remained protected.
We often find that the methods and tools being employed by organizations like New Cooperative just can't keep pace with today’s evolving security threats. Data protection must be viewed as more than a compliance checklist. Optimal data governance solutions make it easy to share files with anyone, without compromising users' security and control."
Alex Pezold, CEO, TokenEx:
"BlackMatter ransomware group strikes again. As experts investigate and we learn what attack methods gave the hackers access to so much sensitive data, we need to also consider more effective defenses. It's important to understand that ransomware developers have evolved a very extensive network, built on bitcoin currency, offering guarantees to customers on the quality of the data they have stolen from corporate customers, even offering a refund if the data is unusable. Having that level of confidence in black market data is what gives CIOs, CTOs, CISOs—heck, any data security professional—nightmares."