Another US Establishment Hit by Ransomware Group Operating From Russia

Earlier this year, US-based meat supplier, JBS was hit by a ransomware attack by REvil after which the company paid US$11 million to get its systems restored.  But, attacks have not been limited to individual companies alone. Prior to that, Colonial Pipeline that carries fuel to the US East Coast was also attacked by ransomware group DarkSide severely threatening critical infrastructure. Both the hacker groups operated out of Russia. 

President Biden had then taken this issue up with the Russian President, even listing 16 critical sectors that the groups should steer away from, Bloomberg reported. While agriculture is one of the listed areas, the hackers BlackMatter on their dark website claimed that the scale of the Cooperative's scale of operations did not qualify them as 'critical.'  The cooperative is currently back to using paper tickets and using manual processes to continue feed supply, albeit very slowly. 

The hacker group, whose page is in Russian, reports Bloomberg, is believed to be linked to DarkSide, whose operations took a hit after the Colonial attack. The website claims that it has accessed New Cooperative's data on finances, human resources, research, and development as well as its source code for "Soil Map", a technology platform for producers. The latter is currently unavailable and the group has claimed that unless the Cooperative pays the $5.9 million ransom in cryptocurrencies by September 25, it will have nothing. 

In online communication with the hackers, New Cooperative warned that the attack would evoke a forceful government response. However, BlackMatter has reverted with a threat of doubling the ransom amount, WSJ reported. 

Given the extended period of time for paying the ransom, we need to wait to see who blinks first. Will the Cooperative give in now to save its data and hope the Department of Justice Task Force can crackdown on the group later on?