Ransomware negotiations
Try to maintain discipline

Two major agricultural supply chain businesses were hit by ransomware attacks within the last week, and things got weird.

The first business affected was NEW Cooperative, Inc, an Iowa-based organization that handles 40 percent of national grain production and the feed schedules for 11 million farm animals. The ransomware attack was announced Monday, September 20.

Another agricultural cooperative called Crystal Valley was hit by a similar ransomware attack a few days later.

“The attack has infected our the [sic] computer systems and interrupted the daily operations of our company,” the company announced on its Facebook page. Crystal Valley has released no further details, and the typo remained at publication time.

It is unknown whether the two incidents are related, but the ransomware gang known as Blackmatter has been identified in the attack on NEW Cooperative.

Communications between NEW Cooperative and the Blackmatter gang were leaked on Twitter. The two parties debate whether or not an agricultural business qualifies as “critical infrastructure.” The tone is childish, to put it mildly.

“Your website says you do not attack critical infrastructure. We are critical infrastructure – we [sic] intertwined with the food supply chain in the US,” wrote a representative from NEW Cooperative in an exchange with Blackmatter. 

Leaning heavily on the “I’m going to tell on you to the teacher” method of schoolyard dispute resolution, NEW explains to the hackers, “CISA is going to be demanding answers from us within the next 12 hours or so and we are going to have to tell them exactly what has happened and why the food supply chain is disrupted.”

“You do not fall under the rules,” Blackmatter replied. “Everyone will only incur losses, everything is tied to the commerce [sic], the critical ones mean the vital needs of a person, and you earn money.”

“Its [sic] not that simple. And it does not sound like you actually have rules. Maybe you just say these things to sound like you care,” NEW Cooperative responded huffily. 

And then things went off the rails.

“[Y]ou violated our data recovery guidelines,” wrote Blackmatter, complaining about NEW Cooperative’s enlisting the aid of a ransomware negotiation firm.

“The only thing we violated was your mother… No payment for you! No free bitcoin anymore, Enough is Enough [sic]. You can stick your ransomware in your ass,” was the response, which unsurprisingly seemed to end the negotiation.

It’s unclear whether or not the representative bringing Blackmatter’s mother into the mix was acting on behalf of Coveware, but if it was, we’d love to see their operations manual.
