NEW Cooperative, an Iowa-based farm cooperative, was recently hit by a ransomware attack that forced it to take its systems offline. NEW Cooperative has operations in over 50 locations and provides a variety of digital and software services to its network of farmers.
The ransomware group BlackMatter is reportedly behind the attack. Security experts believe that BlackMatter is either being run by the same actors who created the DarkSide ransomware or has very close ties to its creators. Notably, it was an affiliate of the DarkSide ransomware group that took down Colonial Pipeline a few months back. The DarkSide group shut down operations shortly after the Colonial Pipeline attack, citing pressure from the US government and global law enforcement agencies.
BlackMatter is said to have demanded a ransom of $5.9 million from NEW Cooperative. However, the organization is working with law enforcement agencies and data security experts to see if they can recover the data. In the aftermath of the attack, digital identity management firm FYEO found that over 650 breached credentials were in use at the farm cooperative.
They found that the password ‘chicken1’ was being used by over 120 employees. “The NewCoop ransomware situation is concerning for a number of reasons, the first being that hackers are still going after critical infrastructure and seeking to disrupt supply chains even when explicitly stating otherwise. Beyond that, it’s indicative of a larger problem: password management,” Tammy Khan, COO of FYEO, told ZDNet.
It’s worth noting here that it was through the compromised password of an inactive VPN account that threat actors managed to intrude into the Colonial Pipeline network and execute one of the largest ransomware attacks in recent times. Threat actors are taking advantage of the fact that the majority of organizations continue to rely on passwords to protect mission-critical infrastructure, including Active Directory, despite struggling to weed out poor password practices.
Understanding how attackers think is the only way forward for organizations looking to reduce their attack surface.