Agencies say agriculture groups being targeted by BlackMatter ransomware

Getty Images

A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) put out a joint advisory warning of targeting by “BlackMatter ransomware,” connecting the group to previous attacks this year. 

“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” the agencies wrote. 

“BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero,” they warned. 

Bloomberg News reported last month that BlackMatter was likely behind the ransomware attack against major U.S. agriculture group New Cooperative, which refused to pay a $5.9 million ransom.

The agencies noted that BlackMatter is “a possible rebrand of DarkSide,” which is the group linked to the attack on Colonial Pipeline in May that forced the company to shut down its supply of gas for almost a week, leading to shortages in multiple states. DarkSide, believed to be based in Russia, went offline shortly after the attack due to a law enforcement operation.

“This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement Monday.

Bryan Vorndran, the assistant director of the FBI’s Cyber Division, asked that groups targeted by ransomware attacks report the incidents to the FBI to help the federal government disrupt these attacks. 

“By reporting a cyber incident, targeted entities are enhancing our ability to respond and investigate with the goal of disrupting cybercriminal operations,” Vorndran said in a statement. “We will continue to leverage our unique authorities and capabilities to protect the American people from this threat; however, we cannot accomplish this alone.”

The joint advisory was issued less than a week after the FBI, CISA, NSA and Environmental Protection Agency issued a separate one warning that hackers were targeting groups in the water and wastewater treatment sectors and after escalating ransomware attacks in recent months.  

JBS USA, a major meat producer, and IT company Kaseya were also hit by Russian-linked ransomware attacks, while companies such as Sinclair Broadcast Group and T-Mobile have also been hit by cyberattacks in recent weeks. 

Rob Joyce, director of cybersecurity at the NSA, on Monday urged organizations to step up cybersecurity following mounting cyberattacks. 

“The threat of ransomware goes beyond specific impacts to a victim company — it has risen to a national security issue,” Joyce said in a statement. “Employing the mitigations in the joint advisory with CISA and FBI will protect networks and mitigate the risk against BlackMatter and other ransomware attacks.”

Tags CISA Colonial Pipeline Cybercrime Cyberwarfare DarkSide FBI Hacker groups JBS USA kaseya NSA Ransomware Russia

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

See all Hill.TV See all Video

Most Popular

Load more


See all Video