BlackMatter ransomware has made headlines in the last month as the string of cyberattacks that have defined a large part of 2021 continue. Discovered at the end of July, BlackMatter is a new ransomware that seems to have been developed by malicious developers associated with another group of cybercriminals, DarkSide. While BlackMatter's developers claim that they are entirely new, McAfee's analysis of the malware shows eerie similarities between the two attacks that lead professionals to believe these attackers are one in the same.
NEW Cooperative's Ransomware Attack
The latest BlackMatter ransomware attack targeted NEW Cooperative, Inc., an Iowa-based agriculture services provider, taking its operations offline and demanding a $5.9M ransom in return for a decryptor key. NEW Cooperative's technology powers 40 percent of grain production in addition to the feed schedules of 11 million farm animals across the country, posing a major threat to the country's core food production process.
BlackMatter's Mixed Messaging on "Critical Infrastructure"
After going public with their attacks, BlackMatter has established a set of ground rules that they (supposedly) abide by that establish companies that are off-limits to attack. Leaked screenshots of a private chat reveal more information, sharing that the group will offer free decryption for hospitals, critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities), oil and gas companies, defense industry, non-profit companies, and government organizations.
Unfortunately, it seems that these rules are either loosely followed or fabricated altogether as the group targets a major element in domestic food production and distribution that could impact the availability of goods across the U.S. if not handled appropriately.
Ransomware Protection Tips for Small Businesses
Between Colonial Pipeline, JBS Foods, and NEW Cooperative, ransomware attacks seem to be increasingly targeting operations that may often be out of the public eye, but that play a large role in upholding daily life behind the scenes. While ransomware attacks on large-scale companies are constantly peppering the headlines, it's important to remember that over half of ransomware attacks target small businesses. Here's what small business owners can do to stay prepared:
Enable Multi-Factor Authentication – Multi-factor authentication, often known as MFA, is the first line of defense against an attack. By requiring an additional sign-on code from a second source, MFA immediately eliminates the overwhelming majority of phishing attacks and password theft.
Use AI-Based Cyber Endpoint Protection – AI-powered cyber endpoint protection, used by our team at SeedSpark, creates a dynamic defense that learns to identify and eliminate the latest threats targeting every device on your network.
Create a Backup and Disaster Recovery (BCDR) Plan – From regular hourly backups to cyber liability insurance, creating a comprehensive plan that helps your business address and recover from a cyberattack is key in making sure that your business is able to bounce back in the worst-case scenario.
SeedSpark is a technology partner for SMBs, delivering AI-powered cybersecurity and ransomware protection for clients of all sizes. We partner with businesses to deliver antivirus software, anti-malware software, email security software, and training, all combined with daily data backups to provide protection and peace of mind. Contact our team today to learn more about our complete cybersecurity packages for small businesses.