Threat Watch

BlackMatter Ransomware Group Announces Shutdown

The BlackMatter ransomware group, which has been active in the last 4 months, has recently announced that it will be shutting down operations according to reports released by a member of the security research group vx-underground. BlackMatter provided malware and services to affiliate groups in a ransomware-as-a-service model (RaaS). These affiliate groups then used this ransomware strain to conduct the actual intrusions and malware deployment on targeted organizations’ networks. The announcement was posted on the backend of BlackMatter’s ransomware portal, typically accessed by criminal affiliate groups purchasing the provided ransomware services. 

ANALYST NOTES

BlackMatter is suspected by many researchers and law enforcement organizations, including CISA, to be a reorganization of the DarkSide ransomware group that ended operations in July. Historically, criminal groups often reorganize due to political or law enforcement pressure, or from the loss of services from key members. It remains to be seen whether such a reorganization will take place for BlackMatter members.

The RaaS model seems to be alive and well, and it is likely that criminals will continue to operate as long as they can profit from their actions. However, new pressure is being applied to ransomware groups. Articles, including reports in the New York Times, have recently claimed that the USA and Russia are collaborating more closely on policing the activities of ransomware groups based in Russia.

https://therecord.media/blackmatter-ransomware-says-its-shutting-down-due-to-pressure-from-local-authorities/

https://us-cert.cisa.gov/ncas/alerts/aa21-291a

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support