BlackMatter Great Shut Down

BlackMatter ransomware group announced its shut down due to “pressure from the authorities”. VX-Underground, which collects the latest malware samples posted the BlackMatter announcement about its shut down on Twitter. Many believe DarkSide to be the predecessor of BlackMatter. And it’s quite the possibility in the future for hackers to just reappear under a different name.

First time Blackmatter appeared on the scene in July 2021. The same month the group started making advertisements on different cybercrime forums (Exploit and XSS) offering $100,000 for exclusive access. BlackMatter also declared that they primarily make interests in companies with revenues over $100m or more within the US, Canada, the UK and Australia. After the case with the Colonial Pipeline the ads from BlackMatter forums started to ban but the group instead began to publish for “initial access brokers”.

BlackMatter ransomware group conducted several attacks

On August 17, 2021 BlackMatter stole the data from a Louisville, Kentucky based law firm. The group could access the critical information by compromising the firm’s RDP (Remote Desktop Protocol). It’s interesting because the same method operated in the cyberattack against Colonial Pipeline. After exploiting RDP as an entry point BlackMatter probed the network for silently stealing major critical information.

Since July 2021 BlackMatter targeted two U.S. Food and Agriculture Sector organizations. Another company that hackers targeted was Pine Labs, an Indian merchant platform company. The Pine Labs provided financing and retail transaction technology for its customers. The attack exposed more than 500,000 unique records of contact information.

As the next victim hackers targeted technology giant Olympus. This Japan-based company produces digital and optical reprography technology for the life sciences and medical industries. In total cyber security specialists have detected more than 40 ransomware attacks related to BlackMatter but the final number of victims can be remarkably higher.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” President Biden on Counter Ransomware Actions.

On November 8, 2021 US Department of Justice charged two defendants with cybercrimes connected to ransomware. According to the press release by the Department of Justice Russian and Ukrainian nationals have direct connection to the REvil ransomware group.

And it was also not so long ago that Europol and Eurojust with the joint forces of other countries targeted 12 high-profile hackers. They allegedly conducted large scale ransomware attacks that affected over 1 800 victims in 71 countries. Hackers` activity included Dharma, MegaCortex and LockerGoga.