NEW Cooperative Hit with Ransomware, Core Systems and Sensitive Data is Compromised.
Russian organized cybercriminals, BlackMatter, used ransomware to attack Iowa-based U.S. farm cooperative, NEW Cooperative.
NEW Cooperative is one of the largest farm cooperatives, and is responsible for much of the country’s grain production. This includes fertilizer supply, storage, animal feed, and technology. Their animal feed has a direct impact on feeding schedules for millions of chickens, hogs, and cattle.
Hackers are not letting up on targeting infrastructure. This type of attack is becoming commonplace because ransom might be paid faster since so many people are impacted.
The ransomware attack occurred over the weekend, as many do, because of the lack of staff working on weekend days. Once the hackers locked down NEW Cooperative’s systems, they demanded $5.9 million. Once contact was established, threats were issued, saying that the federal government would respond forcefully but hackers refused to back down.
In fact, BlackMatter threatened if the ransom wasn’t paid, they would publish a terabyte of NEW Cooperative’s data. This would include invoices, research and development docs, and the source code to its soil-mapping technology.
What was Affected?
As with other attacks, NEW Cooperative took everything offline until they could isolate the threat. During the audit, NEW Cooperative found 653 breached credentials.
This graphic, of correspondence between NEW Cooperative officials and the hackers was released following the incident.
“Chicken1” – A Call for Better Passwords.
Similar to the Colonial Pipeline attack in late April/early May of 2021, the breach seems to be a result of a bad password.
We encourage our MSPs and MSSPs to encourage users to create stronger passwords. Why? The audit found that the password “chicken1” was common among NEW Cooperative employees.
How Can I Prevent Ransomware Attacks?
From the email protection side of things (which is where many cyberattacks occur), Mailprotector can help you layer a complete email security platform on top of M365, G Suite, or any other email host.