
Days after targeting feed company, BlackMatter targets media marketing company

An aerial view from a drone shows a grain cart being used during the corn harvest in a field at the Hansen Family Farms on Oct. 12, 2019, in Baxter, Iowa. (Photo by Joe Raedle/Getty Images)

Marketron on Monday confirmed that it was hit with a ransomware attack by BlackMatter that shut down its systems, which makes it the second company attacked by the gang over the past weekend.

New Cooperative, a farmers group that operates more than 60 locations throughout Iowa, also confirmed over the weekend that it was hit with a BlackMatter ransomware attack in which the threat group demanded $5.9 million.

In a notice to its customers on Tuesday, Idaho-based Marketron offered a workaround and said it was diligently trying to determine the root cause of the issue and get systems back up and running. Marketron works on multimedia advertising campaigns with more than 6,000 media organizations globally and manages $5 billion in annual U.S. advertising revenue, representing some 1 million advertisers.

Marketron CEO Jim Howard sent out the following letter to the company’s customers:

Dear Marketron Customer,

Marketron has been hit with a cyberattack from the Russian criminal organization BlackMatter. Currently, all Marketron customers are impacted.

This issue comes despite significant recent investments in separating backup and disaster recovery in different physical and network environments, instituting “zero trust” access management policies, and new security detection and recovery tools. We have not yet discovered how the hackers exploited our networks.

While security and rapid disaster recovery have been top priorities, we obviously have not done enough. We know you count on us to keep your business operational, and we are extremely sorry for this impact. 

Marketron is communicating with BlackMatter as well as the FBI. All available resources are being applied to restoring systems as quickly as possible. This includes working with third-party security experts and bringing in additional resources.

We are focused on restoring service as soon as possible and will continue to communicate about the situation. Additional details on the breach will be provided when available. You can find the latest details on this status page.

Authorities believe BlackMatter was reformed out of the DarkSide ransomware operation, which was responsible for the Colonial Pipeline attack in May. On its website, BlackMatter said it did not attack the following operations: hospitals, critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities), oil and gas industry (pipelines, oil refineries), the defense industry, non-profit companies, and the government sector. Companies on that list can ask BlackMatter for a free decryptor.
