BlackMatter Ransomware: REvil and DarkSide kin are not finished


For the past several years, ransomware and its associated infrastructure have dominated the news with high-profile attacks on large corporations and institutions.
In particular, before their recent disappearance, the hacking groups DarkSide and REvil caused quite a stir, with targets such as Colonial Pipeline, Grubman Shire Meiselas & Sacks, Acer, and more.

As reported by Lawrence Abrams at BleepingComputer, individuals previously involved with the ransomware/hacking groups DarkSide and REvil have apparently rebranded as a new group known as BlackMatter. One piece of evidence for this is that BlackMatter's new darknet site uses wording and theming strikingly similar to DarkSide's. Additionally, Twitter user @fwosar discovered that a BlackMatter decrypter uses similar encryption methods.


BlackMatter claims to combine the “best” techniques of DarkSide, REvil and LockBit. BlackMatter separately claims they will not consider targets such as hospitals, pipelines, or governments.
According to the BleepingComputer article, BlackMatter has been observed posting on hacking forums such as Exploit, where they have made a 4 BTC deposit (worth over $100k USD). They have already targeted multiple organizations and received a $4 million payment in response to their demands.

REvil and DarkSide are not the only ones to rebrand recently: DoppelPaymer has rebranded as ‘Grief’. DoppelPaymer is behind attacks on e911 and a German hospital.

Given BlackMatter's probable lineage from REvil/DarkSide and the fact that they are already attacking organizations, the near future at minimum holds a substantial risk of attack by ransomware actors. PurpleFolder can work with you to manage and secure your IT infrastructure against ransomware and other threats. Get in touch for a consultation at or our contact form.
