The BlackMatter ransomware group has added technology giant Olympus to their victim list. According to a source at Olympus, the company found a ransom note on September 8th that claimed they had been targeted by the BlackMatter Ransomware Group. Olympus immediately started looking into the extent of the attack and halted all file transfers from their clients as a result. The extent of the attack is not yet known. BlackMatter came into light at the end of July 2021, and they claim to be the successor of the Darkside and REvil groups. The group is recruiting other cyber-criminals with access to networks of large enterprises that have a minimum revenue of 100 million or more per year. The group uses underground forums to recruit others and pays them a percentage of the ransom if one is paid. Like other ransomware operators, the group utilizes a victim leak site to post the stolen data of victims that do not pay.
Ransomware gangs recruiting other cyber criminals is not a new tactic as it helps these groups speed up their attacks by finding those who already have the access to networks. Utilizing a service like Binary Defense’s Counterintelligence team to look for and identify criminals selling access to organizations is a good first step in preventing these attacks. To protect against ransomware attacks, organizations should:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released. Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.
• Avoid reusing passwords for multiple accounts.
• Focus on cyber security awareness and training.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.