An Iowan agricultural group hit by ransomware over the weekend appears to have claimed that the impact of the attack on the US public could be worse than the Colonial Pipeline incident.
The attack has been traced to BlackMatter, a group that some believe has links to the DarkMatter outfit responsible for the days-long oil supply outage in May, which sent prices soaring on the East Coast.
According to reports, it targeted New Cooperative, a major US grain producer, with a $5.9m ransom demand.
However, screenshots of the negotiations between the two parties posted on Twitter by security researchers shed some interesting light on the attack’s significance.
In one, the cooperative’s spokesperson suggests that the ransomware group has misjudged the scale of the impact a resulting supply chain outage could have.
“The impact of this attack will likely be much worse than the pipeline attack for context, and we have no way to control that given the disruption this has already caused,” they said. “I am just telling you this so you are not surprised as it does not seem like you understood who we are and what role our company plays in the food supply chain.”
The threat actors appeared unmoved, demanding the firm come up with the money.
The to-and-fro between victim and extorter has added significance given the Biden administration has made it clear to the Kremlin that 16 critical infrastructure sectors of the US economy are off-limits to cybercrime groups thought to be operating from Russia.
After a relatively quiet summer, this attack would appear to be testing those red lines.
“There is going to be very very public disruption to the grain, pork and chicken supply chain. About 40% of grain production runs on our software and 11 million animals’ feed schedules rely on us,” the spokesperson said, according to another screenshot.
“This will break the supply chain very shortly, and we will have to report this to our regulators and likely the public if this disruption continues … CISA is going to be demanding answers from us within the next 12 hours or so and we are going to have to tell them exactly what has happened.”
Hank Schless, senior manager of security solutions at Lookout, argued that firms would need to protect themselves better in the absence of any geopolitical breakthrough.
“BlackMatter claimed that New Cooperative doesn’t reach the threshold that the President laid out. Threat actors already operate outside the bounds of the law, so why would they suddenly comply? If this is the attitude Russia-based threat actors have towards the President’s warnings, then this could be indicative of similar attacks to come,” he added.