CISA, the FBI and NSA issued a warning to U.S. critical infrastructure Monday about BlackMatter, following attacks on agricultural firms NEW Cooperative and Crystal Valley.
BlackMatter, a rebranding of the group behind Dark Side ransomware, operates as ransomware as a service, where affiliates pay BlackMatter a commission to use the ransomware. Beyond infections at NEW Cooperative and Crystal Valley, it has also appeared at Idaho marketer Marketron and Japanese camera maker Olympus.
“The threat of ransomware goes beyond specific impacts to a victim company — it has risen to a national security issue,” Rob Joyce, director of cybersecurity at NSA, said in a statement.
The group has been active since July. Dark Side operated until international attention from its use in the Colonial Pipeline ransom garnered overwhelming international attention.
Information to detect, remediate and repel BlackMatter have been previously documented, but are included in the advisory, as well as common tips to avoid ransomware.