New Cooperative hit by BlackMatter ransomware

The BlackMatter ransomware gang has targeted NEW Cooperative, an Iowa-based farmer’s feed and grain cooperative, and is demanding a $5.9 million ransom.

The gang claims to have stolen 1,000 GB of data and has threatened to double the ransom if the ransom is not paid within five days.

The source code for the project, financial information, network information, R&D results, confidential personnel information, legal and executive information, and a KeePass export are among the data stolen.


The cooperative, which is operational over 50 locations across Iowa, provides grain feedstock to livestock and poultry farms. The cooperative discovered the attack on Friday and took its systems offline to contain the threat, according to a statement from the organisation.


Law enforcement agencies have been notified, and investigations into how the attack was carried out are underway. The BlackMatter outfit, which claims to be the heir to the Darkside and REvil gangs, began operations in late July. The ransomware gang BlackMatter, also has a leak site where it publishes data exfiltrated from victims prior to encrypting their system.


The BlackMatter ransomware was discovered by Recorded Future researchers, who found that the gang is establishing a network of affiliates by posting adverts on two cybercrime forums, such as Exploit and XSS. The gang is looking for hackers with access to the networks of large corporations with annual revenues of $100 million or more in order to infect them with its ransomware.


The operators of the BlackMatter ransomware have stated that they will not target healthcare organisations, essential infrastructure, defence organisations, or non-profit organisations.


New Cooperative warned the hackers in an online conversation that the attack will result in a strong government response. According to the Wall Street Journal, BlackMatter has reverted, threatening to double the ransom price.


You might also like:

DarkSide ransomware gang is back as BlackMatter operation

Haron and BlackMatter ransomware groups appeared on hacker forum

REvil Ransomware universal decryptor key leaked