Friday, October 7, 2022

BlackMatter ransomware group reportedly closing

Cybersecurity researchers are wondering if reports that the BlackMatter ransomware gang is folding are too good to be true.

According to a news report the group made the announcement in the backend of their Ransomware-as-a-Service portal, where other criminal groups typically register in order to get access to the BlackMatter ransomware strain.

Another report said the security research group VX-Underground was sent a screenshot of a message allegedly posted by the BlackMatter operators on November 1st on the RaaS website.

A translation of the Russian post says:

“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – project is closed.

After 48 hours the entire infrastructure will be turned off, allowing:

* Issue mail to companies for further communication
* Get decryptor. For this write “give a decryptor” inside the company chat, where necessary.

We wish you all success, we were glad to work.”

The news site The Record, a service of the threat intelligence provider Recorded Future, notes the move comes after three significant events:

— reports from Microsoft and Gemini Advisory that linked the FIN7 cybercrime group, considered the creators of the Darkside and BlackMatter strains, to a public cybersecurity firm named Bastion Secure, through which they allegedly recruited unwitting collaborators;

— security firm Emsisoft had secretly developed a decryption utility for the BlackMatter ransomware strain, which the company had quietly given to victims in order to let them avoid paying the group’s ransom demands;

— a report from the New York Times this Sunday that announced that the U.S. and Russia were collaborating on cracking down on Russia-based cybercrime and ransomware gangs, among others.

For its part, the Bleeping Computer news site said there might be a link to a Europol announcement last week that law enforcement had detained 12 people in Ukraine and Switzerland on suspicion of being involved in ransomware.

In an email, Brett Callow, British Columbia-based threat analyst for Emsisoft, told ITWorldCanada.com that the BlackMatter operators will be spooked, as will their affiliates, by the gang’s post. “Their affiliates will also be annoyed because of their multi-million dollar losses due to BlackMatter’s coding error – which they’ll no doubt be concerned could also have resulted in BlackMatter’s infrastructure being compromised.

“At the end of the day, it’s unclear what’s happened. The operation could’ve folded simply due to lost confidence and paranoia, or the Russian government may also have had a hand in the gang’s decision.

“Whatever the case, this can be chalked up as another win – and the wins seem to be coming more often.”

The ransomware attack against Colonial Pipeline resulted in the shutting down of DarkSide ransomware, which had claimed responsibility for the attack, noted Peter Mackenzie, director of incident response at Sophos. This then resulted in DarkSide returning under the new name of BlackMatter shortly after. While the name was different, the core ransomware code was not, and it had the same weaknesses that allowed free decrypters to be produced. In October, Emsisoft announced they had a decrypter for BlackMatter and had been secretly helping victims.

“Taking these factors into account, it is likely this is yet another ransomware group pretending to shut down, when in reality it is just a rebrand and launch of a new improved version sometime soon in the future.”
