[TheRecord] CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure

A joint Cybersecurity Advisory issued Monday by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warns that BlackMatter ransomware “has targeted multiple U.S. critical infrastructure entities,” including two within the U.S. food and agriculture sector.  

Previous news reports linked attacks on U.S. grain cooperatives in Iowa and Minnesota to BlackMatter, NEW Cooperative and Crystal Valley Cooperative, highlighting digital security risks to the U.S. and global food supply chain

The new advisory provides an overview of the threat, its tactics, detection signatures to help identify and block network activity associated with the threat, and mitigation best practices. 

“First seen in July 2021, BlackMatter is ransomware-as-a-service (Raas) tool that allows  the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims,” the advisory explains. Black Matter is a “possible rebrand” of Darkside, another major ransomware Raas tool active last fall through this May, it adds.

In an interview published by Recorded Future in August, a BlackMatter representative claimed they sought to incorporate the most effective aspects of prior ransomware operations REvil and DarkSide.

BlackMatter ransom demands have ranged from $80,000 to $15,000,000 in Monero and Bitcoin, per the advisory. 

The agencies urge critical infrastructure organizations to implement the detection signatures and follow security best practices, including strong passwords and multi-factor authentication. They also recommend implementing and enforcing backup procedures as well as network segmentation and monitoring, among other steps.

In a related press release, agency officials also urged victims to report attacks. 

“Unfortunately, too many ransomware incidents go unreported, and because silence benefits the cybercriminals the most, we ask targeted entities to contact their local FBI Field Office and speak to a cyber agent,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division.

The post CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[TheRecord] Consumer protection in focus at FCC and FTC nomination hearings

The Senate began hearings Wednesday on nominees to help lead federal agencies key to the future of privacy and cybersecurity in the United States.  Much of the Senate Commerce Committee’s questions for Alvaro Bedoya, President Joe Biden’s nominee for a vacant spot on the Federal Trade Commission (FCC), and acting Federal Communications Commission (FCC) chair […]

Read More

[BleepingComputer] New SkinnyBoy malware used by Russian hackers to breach sensitive orgs

Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. […] Source: Read More (BleepingComputer)

Read More

[HackerNews] IndigoZebra APT Hacking Campaign Targets the Afghan Government

All posts, HackerNews

Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker “IndigoZebra,” with past […]

Read More