Articles Experts: BlackMatter ransomware was created by the authors of...

Experts: BlackMatter ransomware was created by the authors of the recently “closed” DarkSide


Last week, experts noticed the emergence of a new ransomware BlackMatter, which combines the “best” features of the now defunct DarkSide and REvil. In particular, then the analysts of Recorded Future wrote that the new group could be associated with DarkSide, which ceased operations in May of this year, after the  scandalous attack  on the Colonial Pipeline company, which attracted too close attention of the authorities to hackers.

Several companies have already suffered from BlackMatter, and hackers demanded a ransom from them in the amount of 3 to 4 million dollars, Bleeping Computer now reports . One victim has already paid the attackers $ 4 million and received an ESXi decryptor for Windows and Linux from them.

The journalists showed this tool to the information security expert and the technical director of the Emisosft company Fabian Vosar. He confirmed that BlackMatter uses the same unique encryption methods that the DarkSide group used in their attacks (including the special Salsa20 matrix unique to this group).

The publication also notes that if BlackMatter is just a “rebranding” of DarkSide, this explains some of the limitations listed on the hackers’ site. So, among other things, the group reports that it is not going to attack “the oil and gas industry (pipelines, oil refineries).” Let me remind you that it was the attack on the operator of the Colonial Pipeline that led to the “closure” of DarkSide.

Meanwhile, at the beginning of this week, Dmitry Smilyanets, an expert analyst at Recorded Future, interviewed a representative of a new extortionist group. BlackMatter denies being involved with DarkSide; instead, the hackers say they were only inspired by “the work of colleagues.”

“Darkside is relatively new software with a good codebase (partly problematic, but the ideas themselves deserve attention) and an interesting web part when compared to other RaaS. [Our] executable file incorporates ideas from LockBit, REvil and partly DarkSide. The web part has incorporated the technical approach of DarkSide, as we consider it the most structurally correct (separate companies for each goal, and so on), ”the criminals say.

When Smilyanets directly asked if the group’s representatives could confirm that their infrastructure is based on DarkSide, they replied:

“We can say for sure that we are fans of the dark theme in design and have known the DarkSide team for collaboration in the past, but we are not them, although we are close to their ideas.”

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you