[TheRecord] CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure

A joint Cybersecurity Advisory issued Monday by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warns that BlackMatter ransomware “has targeted multiple U.S. critical infrastructure entities,” including two within the U.S. food and agriculture sector.  

Previous news reports linked attacks on U.S. grain cooperatives in Iowa and Minnesota to BlackMatter, NEW Cooperative and Crystal Valley Cooperative, highlighting digital security risks to the U.S. and global food supply chain

The new advisory provides an overview of the threat, its tactics, detection signatures to help identify and block network activity associated with the threat, and mitigation best practices. 

“First seen in July 2021, BlackMatter is ransomware-as-a-service (Raas) tool that allows  the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims,” the advisory explains. Black Matter is a “possible rebrand” of Darkside, another major ransomware Raas tool active last fall through this May, it adds.

In an interview published by Recorded Future in August, a BlackMatter representative claimed they sought to incorporate the most effective aspects of prior ransomware operations REvil and DarkSide.

BlackMatter ransom demands have ranged from $80,000 to $15,000,000 in Monero and Bitcoin, per the advisory. 

The agencies urge critical infrastructure organizations to implement the detection signatures and follow security best practices, including strong passwords and multi-factor authentication. They also recommend implementing and enforcing backup procedures as well as network segmentation and monitoring, among other steps.

In a related press release, agency officials also urged victims to report attacks. 

“Unfortunately, too many ransomware incidents go unreported, and because silence benefits the cybercriminals the most, we ask targeted entities to contact their local FBI Field Office and speak to a cyber agent,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division.

The post CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[HackerNews] WildPressure APT Emerges With New Malware Targeting Windows and macOS

All posts, HackerNews

A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent […]

Read More

[ThreatPost] Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails

All posts, ThreatPost

A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system — skating past email security — went unaddressed despite multiple flagging by researchers. Source: Read More (Threatpost)

Read More

[BleepingComputer] CISA warns of stealthy malware found on hacked Pulse Secure devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. […] Source: Read More (BleepingComputer)

Read More