BlackMatter ransomware gang says it is shutting down under pressure from law enforcement – TechCrunch

The BlackMatter ransomware operation, which rose to prominence earlier this year following the demise of the DarkSide ransomware gang, is said to be shutting down due to “pressure from the authorities.”

The group announced its intention to shut down in a post on its ransomware-as-a-service (RaaS) portal, where affiliate criminal groups register to gain access to the BlackMatter ransomware strain. The message, obtained by a member of the vx-underground infosec group, translates to: “Due to certain insoluble circumstances linked to pressure from the authorities (part of the team is no longer available, after the latest news), the project is closed.

“After 48 hours, the entire infrastructure will be deactivated, which will allow: sending mail to businesses for further communication; getting the decryptor. To do this, write ‘give a decryptor’ in the company chat, if necessary. We wish you much success; we were happy to work.”

It is unclear what the “latest news” refers to, though the post follows a recent New York Times report that said the United States and Russia have started working more closely to crack down on cybercrime organizations based in Russia. It also comes after CISA, the FBI and the NSA issued a joint advisory warning that BlackMatter has targeted “multiple” organizations considered critical infrastructure, including two organizations in the U.S. food and agriculture sector. The advisory provided information on the tactics, techniques and procedures (TTPs) associated with the ransomware gang.

It’s also possible that the missing BlackMatter team members are linked to a recent international law enforcement operation that arrested 12 people linked to 1,800 ransomware attacks in 71 countries.

The BlackMatter group first appeared in July this year and is believed to be responsible for numerous attacks on U.S. businesses, including the recent attack on NEW Cooperative, an Iowa-based agricultural services provider that received a ransom demand of $5.9 million to unlock its systems. BlackMatter also hit Japanese tech giant Olympus in September, forcing the shutdown of the company’s network in Europe, the Middle East and Africa.

BlackMatter’s ransom demands ranged from $80,000 to $15 million in cryptocurrency, according to the recent U.S. law enforcement advisory. However, New Zealand-based cybersecurity firm Emsisoft says it prevented “tens of millions of dollars” in ransom payments from reaching the BlackMatter group. After discovering a flaw in the group’s encryption process, the firm was able to quietly help BlackMatter ransomware victims recover encrypted files without paying the ransom.

At the time, Emsisoft threat analyst Brett Callow said this decryption campaign could be the death of BlackMatter. Now, however, he is no longer so sure.

“It’s impossible to say if this will be a permanent release or just another rebranding,” Callow told TechCrunch. “Hopefully this is the first.”