The BlackMatter ransomware group, which claims to be the successor to the ostensibly, but possibly not so retired threat actor groups REvil/DarkSide, has successfully breached an Iowa-based grain and farm services provider. The provider, which operates grain elevators, trades crops and provides other support to Iowa and surrounding farmers, says it’s has taken it’s systems offline as a precaution and that it has been working with law enforcement regarding the incident.
The company made comment to BleepingComputer recently stating that they have recently identified a cybersecurity incident that is impacting some of their company’s devices and systems and out of an abundance of caution, they have proactively taken their systems offline to contain the threat, and can confirm it has been successfully contained. The provider mentioned to Bleeping Computer, “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”
BlackMatter has demanded a huge $5.9 million in ransom payment BleepingComputer, per a recently posted article, stated that this figure will rise to $11.8 million if the threat actor isn’t paid within five business days.
The timing is surely unfortunate, coming at the beginning of the Mid-West’s grain harvesting season. Some of the recent back-and-forth between the threat actor and victim suggests the ways in which BlackMatter ethically distinguishes this action from other ransomware attacks because this action has supposedly done no tangible harm.
Let’s dissect that comment quickly. The meaning will be apparent to anyone who’s ever heard this type of senseless logic that in essence argues that, sure, it’s wrong to steal from people, but it’s definitely OK to rip off institutions because—you know—they’re greedy and make money and stuff right.
The review of this comment may give BlackMatter more credit for their counterfeit altruism than they deserve. But here’s one more interesting point that I think a lot of folks tend to forget. BlackMatter is closely regarded as a Russian state sanctioned criminal enterprise, and, as Bloomberg points out in a recent article, the attack on this Iowa based farm services provider may in part be intended to see exactly where the United States is prepared to draw a line with its new, firm hand on ransomware attacks.
The BlackMatter threat actors explain on their underground marketplace page, that the provider is just too small to count as critical, stating, “The volumes of their production do not correspond to the volume to call them critical.”
BlackMatter has in fact left alone companies that are typically viewed as truly critical, like companies associated with oil and gas, minerals and many others with much higher public and federal visibility. BlackMatter in an article posted by Bloomberg, stated, “We don’t see any critical areas of activity” referring to the Iowa based farm services provider. Also, this company only works in one state. According to this logic, BlackMatter would have us believe food is really not that critical. Furthermore, per BlackMatter, the provider is below the size threshold of criticality. Others would beg to differ.
During the rule of the Soviet Union, Ukraine was seen as the breadbasket of Russia and the whole former Soviet Union. This changed sometime in the late 20th century; the breadbasket of Russia has sadly now become, well places like, Kansas, Nebraska, and in this case Iowa. Just as the Soviet Union’s policies destroyed Ukraine’s agricultural viability in the first half of the twentieth century, modern malicious Russian state actors could potentially have the same effect on America’s breadbasket, if this type of activity goes unchecked. The tactics and targets may have changed since the 1940s, but the end result has not: major interruptions to food supply, business operations, and commerce. It also seems like the recent letters of marque and reprisal evidently offered by the Kremlin to the United States government and its private organizations have again fallen short on their promise. For this reason, organizations that may not view themselves as major targets need to raise their awareness and potential exposure of these types of attacks.
As demonstrated by the above attack, no company is off-limits from widespread and debilitating attacks. Any company—regardless of size, revenue or industry—is a target for malicious actors. As with the Iowa based farm services providers situation, such attacks can be devastating not only to your own business but to the national and international supply chain at large. Partnering with a trusted security advisor like RSM can help you better protect yourself against such attacks.
Whoarewe?
RSM Defense and our Unit26 security team brings decades of global cyber defense operations experience to your doorsteps. We entered this arena with an innovative cloud-native security solution that aims to stop cyber threats in whatever realm or vertical your business operates, including multi-cloud, third-party hosted, or remote deployments. If you have an existing security stack that is growing, RSM Defense and Unit26 can help manage, triage and respond to your cyber threats within that environment.
If your organization is looking for help with responding to the growing number of cyber threats, let’s get in touch and talk through how we can introduce you to the RSM Defense approach to obtaining a more secured cyber presence.
-Todd
Sources