For the past several years, ransomware and its associated infrastructure have dominated the news, with high-profile attacks on large corporations and institutions.
In particular, before their recent disappearance, the hacking groups DarkSide and REvil caused quite a stir with attacks on targets such as Colonial Pipeline, Grubman Shire Meiselas & Sacks, Acer, and more.
As reported by Lawrence Abrams at BleepingComputer, individuals previously involved with the ransomware/hacking groups DarkSide and REvil have apparently rebranded as a new group known as BlackMatter. One piece of evidence for this is that the new darknet site branded by BlackMatter uses strikingly similar wording and theming to DarkSide's. Additionally, Twitter user @fwosar discovered that a BlackMatter decrypter uses similar encryption methods.
BlackMatter claims to combine the “best” techniques of DarkSide, REvil and LockBit. Separately, BlackMatter claims it will not consider targets such as hospitals, pipelines, or governments.
According to the BleepingComputer article, BlackMatter has been observed posting on hacking forums such as Exploit, where they have made a 4 BTC deposit (worth over $100k USD), and they have already targeted multiple organizations and received a $4 million payment through their demands.
REvil and DarkSide are not the only ones to rebrand recently: DoppelPaymer has rebranded as ‘Grief’. DoppelPaymer is behind attacks on e911 and a German hospital.
Between the probable lineage of BlackMatter from REvil/DarkSide and the fact that they are already attacking organizations, the near future holds, at minimum, a substantial risk of attack by ransomware actors. PurpleFolder can work with you to manage and secure your IT infrastructure against ransomware and other threats. Get in touch for a consultation at firstname.lastname@example.org or through our contact form.