SECURITY
SECURITY
SECURITY
BlackMatter ransomware gang allegedly shutting down after legal pressure
A member of the BlackMatter ransomware gang claims that the group is shutting down after increased pressure from authorities.
The group was founded earlier this year and is a successor to the DarkSide ransomware gang that shut down in May. DarkSide was best known for its ransomware attack on Colonial Pipeline Co. and donating part of their ill-gotten gains to charity.
“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) — project is closed,” someone representing the group wrote on a Russian hacking forum. “After 48 hours, the entire infrastructure will be turned off, allowing: Issue mail to companies for further communication [and] Get decryptor. For this write ‘give a decryptor’ inside the company chat, where necessary. We wish you all success, we were glad to work.”
What “the latest news” means was not explained. The Register reported today that the news could be related to police forces in Ukraine and Switzerland arresting 12 ransomware suspects earlier this week. Members of BlackMatter may have been detained in the raids.
And it is possible that law enforcement may have forced the group’s hand. Infamous ransomware group Revil announced it was shutting down in October after being hacked with it later coming to light that a multicountry law enforcement operation had hacked them.
That said, many are rightly skeptical given that BlackMatter is DarkSide rebranded.
“The announcement from BlackMatter that they are shutting down operations due to pressure from authorities should be met with skepticism, at best,” Mark Carrigan, cyber vice president, process safety and OT cybersecurity at Hexagon PPM, told SiliconANGLE. “This would not be the first time that they, and others, have made such an announcement only to resurface at a later date.”
Peter Mackenzie, director of incident response at Sophos plc, agreed, noting that BlackMatter is simply DarkSide rebranded following the Colonial Pipeline attack. “While the name was different, the core ransomware code was not, and it had the same weaknesses that allowed free decrypters to be produced,” MacKenzie explained. “In October, a security company announced they had a decrypter for BlackMatter and had been secretly helping victims. Taking these factors into account, it is likely this is yet another ransomware group pretending to shut down when in reality it is just a rebrand and launch of a new improved version sometime soon in the future.”
Photo: NASA Universe/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
