Hillicon Valley — Presented by Xerox — Agencies sound alarm over ransomware targeting agriculture groups

Hillicon Valley — Presented by Xerox — Agencies sound alarm over ransomware targeting agriculture groups

Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

A coalition of federal agencies warned agriculture and other critical infrastructure groups over BlackMatter ransomware increasingly being used to target them. Even more troubling, the agencies tied BlackMatter to a previous group linked to the ransomware attack on Colonial Pipeline earlier this year. 

Meanwhile, Facebook is anticipating the release of more reports based on leaked internal documents. The company publicly pushed back Monday ahead of the release of new reports, criticizing news outlets for agreeing to embargoes — despite Facebook routinely using a similar policy.


Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Let’s jump in.

Farmers, watch out

A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.

Top-level warning: The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) put out a joint advisory warning of targeting by “BlackMatter ransomware,” connecting the group to previous attacks this year. 

“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” the agencies wrote. 

“BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero,” they warned. 

Bloomberg News reported last month that BlackMatter was likely behind the ransomware attack against major U.S. agriculture group New Cooperative, which refused to pay a $5.9 million ransom.

Back again: The agencies noted that BlackMatter is “a possible rebrand of DarkSide,” the group linked to the attack on Colonial Pipeline in May that forced the company to shut down its supply of gas for almost a week, leading to shortages in multiple states. DarkSide, believed to be based in Russia, went offline shortly after the attack due to a law enforcement operation.

Read more here.



Foreshadowing from Facebook

Smart phone screen display of Facebook logo

Facebook is criticizing news outlets for reporting on leaked documents about the company ahead of the release of what it called a “coordinated series of articles.” 

The criticism: Facebook’s vice president of communications John Pinette wrote a series of tweets Monday chastising journalists, without naming any outlets specifically, for working on articles based on “thousands of pages of leaked documents” agreed to under an embargo. 

“Right now 30+ journalists are finishing up a coordinated series of articles based on thousands of pages of leaked documents. We hear that to get the docs, outlets had to agree to the conditions and a schedule laid down by the PR team that worked on earlier leaked docs,” Pinette wrote. 

All about the embargo: Facebook itself routinely releases blog posts and announcements to journalists only under the agreement of a set time for an embargo. 

It is not clear what information the documents Facebook is referring to will reveal, but it comes on the heels of reports from The Wall Street Journal based on leaked internal documents by a Facebook whistleblower that has led to increased calls for transparency from the social media giant. 

Read more here.



A bipartisan group of lawmakers on the House Judiciary antitrust subcommittee is calling on Amazon to provide information about the company's business practices following a series of reports lawmakers said indicated the e-commerce giant's executives misled Congress.

“We strongly encourage you to make use of this opportunity to correct the record and provide the Committee with sworn, truthful, and accurate responses to this request as we consider whether a referral of this matter to the Department of Justice for criminal investigation is appropriate,” the lawmakers wrote in a letter sent to Amazon CEO Andy Jassy on Monday. 

The letter is signed by subcommittee Chairman David CicillineDavid CicillineHouse votes to censure Gosar and boot him from committees House to vote Wednesday to censure Gosar, remove him from committees Gosar faces increasing odds of censure on House floor MORE (D-R.I.), ranking member Rep. Ken BuckKenneth (Ken) Robert BuckSununu exit underscores uncertain GOP path to gain Senate majority Matt Stoller: Amazon's Bezos likely lied under oath before Congress Hillicon Valley — Presented by Xerox — Agencies sound alarm over ransomware targeting agriculture groups MORE (R-Colo.), Rep. Pramila JayapalPramila JayapalFive reasons for Biden, GOP to be thankful this season 91 House Dems call on Senate to expand immigration protections in Biden spending bill Democrats plow ahead as Manchin yo-yos MORE (D-Wash.) and Rep. Matt GaetzMatthew (Matt) GaetzVigilantes are not patriots Greene: McCarthy 'doesn't have the full support to be Speaker' Marjorie Taylor Greene introduces bill to award Congressional Gold Medal to Rittenhouse MORE (R-Fla.). It cites reports last week from Reuters and The Markup that found Amazon boosted its own products on its e-commerce site ahead of products from competing brands. 

The findings in the reports contradict the information Amazon executives have given while they testified before the antitrust panel. 

Read more here







Sinclair Broadcast Group, one of the nation’s largest television station operators, announced Monday that it had been hit by a ransomware attack over the weekend that resulted in data theft and network disruption.

The attack, first discovered by the company on Saturday, compromised some servers and workstations at Sinclair, with operational networks disrupted and data taken by the attackers. Sinclair said in a statement on Monday that it was still working to determine what data had been taken.

“As the Company is in the early stages of its investigation and assessment of the security event, the Company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results,” the statement read. 

The company did not point to any culprits or comment on whether it intended to pay any ransom demanded, but noted that disruption would likely continue to aspects of the business including advertising for local stations.

Read more about the attack here. 



The first bitcoin futures exchange-traded fund (ETF) in the U.S. is set to begin trading next week, an amended filing from ProShares said Friday.

The ProShares Bitcoin Strategy ETF had a proposed listing date for Monday under the ticker “BITO,” CNBC reported

Although the proposed date is Monday, trading might not begin until later in the week.

The Securities and Exchange Commission (SEC) has not formally approved the bitcoin futures ETF. There might never be a formal approval, but it still is allowed to be traded.

Read more here.


An op-ed to chew on: Technology ‘antitrust’ legislation could slow product innovation, hurt the digital economy 

Lighter click: Is the metro on fire today?

Notable links from around the web:

Donald TrumpDonald TrumpFormer defense secretary Esper sues Pentagon in memoir dispute Biden celebrates start of Hanukkah Fauci says lies, threats are 'noise' MORE’s presidential website hacked and defaced (Newsweek / Katherine Fung) 

Zillow Pumps the Brakes on Buying Homes (Motherboard / Maxwell Strachan)

The Facebook Whistleblower Won’t Change Anything (Wired / Os Keyes)

One last thing: Apple in the hot seat

A former Apple employee said the company fired her after she advocated for better conditions in the workplace.

Janneke Parrish, who was fired from her role as a product manager on Apple Maps on Thursday, told The Washington Post that she believes her firing was connected to her involvement in #AppleToo, a movement created to improve working conditions within the company.

Parrish's firing came just hours after she was quoted in a Washington Post article voicing support for her co-worker Cher Scarlett, who is a founder of #AppleToo.

Under the movement, more than 500 Apple employees have shared anonymous testimonials detailing their experiences with "racism, sexism, discrimination, retaliation, bullying, sexual and other forms of harassment" at the company and have accused Apple of operating as "an opaque, intimidating fortress," the Post reported.

Read more here. 

That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Tuesday.