During the weekend of the 18th of September 2021, NEW Cooperative experienced a ransomware attack by the BlackMatter ransomware group. Currently, the threat actors are demanding a 5.9-million-dollar ransom in exchange for not leaking the stolen data and for providing a decryptor. The ransom will increase to $11.8 million if it is not paid in five days.
“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems. Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.” – announcement by NEW Cooperative.
The attack was discovered after a sample of the ransomware was uploaded to a public malware analysis site on the morning of the 20th of September 2021. This sample gave researchers access to the BlackMatter ransom note, the ransomware negotiation page, and a non-public data leak page containing screenshots of allegedly stolen data. BlackMatter claims that they have stolen 1,000 GB of data, which includes the source code for the soilmap.com project, R&D results, sensitive employee information, financial documents, and an exported database for the KeePass password manager.