BlackMatter was an emerging ransomware group that has already carried out attacks on many critical infrastructure providers. Several U.S. enterprises have fallen victim to its attacks, with ransom demands ranging from $80,000 to $15,000,000 in Monero and Bitcoin.
First observed last year in July, BlackMatter is a RaaS (Ransomware-as-a-Service) tool that lets its developers profit through cybercriminal affiliates who deploy it against victims.
These details were made available by CISA (the Cybersecurity and Infrastructure Security Agency), the NSA (National Security Agency), and the FBI.
BlackMatter is perceived to be a rebrand of DarkSide, another RaaS operation active from September 2020 to May 2021. Presumably, the DarkSide group came under pressure from the authorities and subsequently disappeared.
In September 2021, BlackMatter targeted a crucial player in the U.S. food supply chain; the ransom demand was around $5.9m. Besides this incident, many NGOs, government organizations, and others have fallen victim to its attacks.
Enterprises were advised to restrict access to network resources and to enforce the principle of least privilege in identity and access management. Sound backup and restoration plans are recommended as well.
All in all, the BlackMatter group has stolen around 1,000 GB of information: financial data, legal information, source code, and sensitive information on employees.
Here’s how BlackMatter ransomware worked.
The group would try to terminate Windows processes, services, and security solutions. Once an account had been compromised, the attackers would scope out the network for open shares and hosts before initiating the encryption process.
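The two pre-encryption behaviours just described, a burst of security-tooling terminations on one host followed by that host touching many remote shares, are observable from ordinary endpoint telemetry. The script below is an added detection example written for this article, not code from the original page or from any agency advisory. It runs over constructed sample log lines in a simplified, hypothetical export format (timestamp, host, event type, detail), and the watch list of security service and process names is an assumption a defender would tune to their own estate.

```python
"""Flag hosts that kill security tooling and then enumerate many shares.

All log lines below are constructed for illustration. The four-column
layout (timestamp, host, event, detail) is a hypothetical export, not a
real Windows event log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical watch list of security/backup tooling substrings (assumption;
# tune to the products actually deployed in your environment).
SECURITY_KEYWORDS = ("defend", "sense", "msmpeng", "vss", "edr", "antivirus", "backup")

# Constructed sample telemetry: WS01 shows the suspicious pattern, WS02 does not.
SAMPLE_LOG = r"""
2021-09-01T02:10:01 WS01 SERVICE_STOP WinDefend
2021-09-01T02:10:02 WS01 SERVICE_STOP Sense
2021-09-01T02:10:03 WS01 PROCESS_KILL MsMpEng.exe
2021-09-01T02:10:04 WS01 SERVICE_STOP VSS
2021-09-01T02:11:10 WS01 SHARE_ACCESS \\FS01\C$
2021-09-01T02:11:11 WS01 SHARE_ACCESS \\FS02\C$
2021-09-01T02:11:12 WS01 SHARE_ACCESS \\FS03\Finance
2021-09-01T02:11:13 WS01 SHARE_ACCESS \\FS04\HR
2021-09-01T02:11:14 WS01 SHARE_ACCESS \\FS05\Legal
2021-09-01T02:11:15 WS01 SHARE_ACCESS \\FS06\Backups
2021-09-01T09:00:00 WS02 SERVICE_STOP Spooler
2021-09-01T09:05:00 WS02 SHARE_ACCESS \\FS01\Public
"""


def parse_log(text):
    """Parse the constructed whitespace-separated export into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = line.split(maxsplit=3)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "event": event,
            "detail": detail,
        })
    return events


def is_security_tamper(ev):
    """True for a service stop / process kill whose target is on the watch list."""
    if ev["event"] not in ("SERVICE_STOP", "PROCESS_KILL"):
        return False
    name = ev["detail"].lower()
    return any(keyword in name for keyword in SECURITY_KEYWORDS)


def share_target_host(detail):
    r"""Return the server name from a UNC path such as \\FS01\C$."""
    return detail.lstrip("\\").split("\\", 1)[0]


def detect(events, window=timedelta(minutes=5), min_kills=3, min_shares=5):
    """Return one alert per host whose tampering burst is followed, within
    `window`, by SHARE_ACCESS events against at least `min_shares` distinct servers."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        kills = [e for e in evs if is_security_tamper(e)]
        if len(kills) < min_kills:
            continue
        start = kills[0]["ts"]
        end = start + window
        kills_in_window = [e for e in kills if start <= e["ts"] <= end]
        if len(kills_in_window) < min_kills:
            continue
        targets = {
            share_target_host(e["detail"])
            for e in evs
            if e["event"] == "SHARE_ACCESS" and start <= e["ts"] <= end
        }
        if len(targets) >= min_shares:
            alerts.append({
                "host": host,
                "first_tamper": start.isoformat(),
                "security_kills": len(kills_in_window),
                "share_hosts": len(targets),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print("ALERT", alert)
```

Requiring both stages before alerting keeps the noise down: a single stopped service or an administrator browsing a few shares never fires, while the combination on one host inside a short window is exactly the staging behaviour the article describes and a natural point to isolate the host before encryption begins.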