The BlackMatter ransomware group, which has been active in the last 4 months, has recently announced that it will be shutting down operations according to reports released by a member of the security research group vx-underground. BlackMatter provided malware and services to affiliate groups in a ransomware-as-a-service model (RaaS). These affiliate groups then used this ransomware strain to conduct the actual intrusions and malware deployment on targeted organizations’ networks. The announcement was posted on the backend of BlackMatter’s ransomware portal, typically accessed by criminal affiliate groups purchasing the provided ransomware services.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased