
CISA, FBI, and NSA issue advisory on BlackMatter ransomware

Fuel holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021, in Woodbridge, N.J. (Photo by Michael M. Santiago/Getty Images)

CISA, the FBI and NSA issued a warning to U.S. critical infrastructure Monday about BlackMatter, following attacks on agricultural firms NEW Cooperative and Crystal Valley.

BlackMatter, a rebranding of the group behind DarkSide ransomware, operates as ransomware-as-a-service, in which affiliates pay BlackMatter a commission to use the ransomware. Beyond infections at NEW Cooperative and Crystal Valley, it has also appeared at Idaho marketer Marketron and Japanese camera maker Olympus.

“The threat of ransomware goes beyond specific impacts to a victim company — it has risen to a national security issue,” Rob Joyce, director of cybersecurity at NSA, said in a statement.

The group has been active since July. DarkSide operated until its use in the Colonial Pipeline ransom garnered overwhelming international attention.

Information to detect, remediate and repel BlackMatter has been previously documented but is included in the advisory, along with common tips to avoid ransomware.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
