Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint Cybersecurity Advisory on Monday.
“The threat of ransomware goes beyond specific impacts to a victim company – it has risen to a national security issue,” said Rob Joyce, Director of Cybersecurity at NSA.
The document provides cyber actor tactics, techniques, and procedures and outlines mitigations to improve ransomware protection, detection, and response.
Actions You Can Take Now to Protect Against BlackMatter Ransomware
- Implement and enforce backup and restoration policies and procedures
- Use strong, unique passwords
- Use multi-factor authentication
- Implement network segmentation and traversal monitoring
In September, a major US farm service provider, New Cooperative Inc., was hit by the BlackMatter ransomware. In what appears to be a conversation between New Cooperative Inc. and the hackers, New Cooperative appeals to the threat actors, claiming the attack can lead to disruptions in the grain, pork, and chicken supply chains. DarkFeed, a deep web monitoring feed, claims that the ransom demand was worth $5.9 million.
“First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021,” the advisory reads.
BlackMatter actors have attacked numerous US-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.
This advisory includes analysis of a sample of BlackMatter ransomware and information from trusted third parties. The adversary actor's behavior is mapped to the MITRE ATT&CK framework, a common lexicon of adversary behavior recommended by CISA.