The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency (NSA) today issued an alert about the infamous BlackMatter ransomware, warning that over the past few months two US food and agricultural companies as well as critical infrastructure organizations have suffered attacks via the malicious code.
The joint advisory — which comes less than a week after the agencies issued one on ongoing attack campaigns against US water and wastewater facilities — includes tactics, techniques, and procedures (TTPs) gleaned from a sample of the BlackMatter ransomware and recommended defenses to prevent and mitigate against infection.
BlackMatter operates a ransomware-as-a-service, so various cybercrime gangs can employ it in attacks. It was recently tied to a ransomware attack suffered by farm services provider New Cooperative, which resulted in the company taking its systems offline.
"The threat of ransomware goes beyond specific impacts to a victim company — it has risen to a national security issue," Rob Joyce, Director of Cybersecurity at NSA, said in a statement. "NSA's technical skills and threat intelligence will continue to support our partners across government and industry to degrade adversary footholds into networks where they launch ransomware. Employing the mitigations in the joint advisory with CISA and FBI will protect networks and mitigate the risk against BlackMatter and other ransomware attacks."
Read more here.