As many of us know, cybercriminal groups are always active and that new groups emerge it is not surprising, this happens with BlackMatter a new group of ransomware, which began to actively recruit collaborators to attack large-scale organizations.
In their ads, which they post on cybercrime forums, they indicate that they are interested in attacking companies with revenues of more than $ 100 million. Some headlines place this band as the successor to the already dismantled DarkSide, others point to a return of said group, and the truth is that it is still not very clear how this recently formed band will evolve, which has already claimed its first victims but if you wonder who were DarkSide?
DarkSide made its initial appearance in August 2020 and were the creators of the DarkSide ransomware, in addition, its affiliates launched a worldwide crime wave that affected organizations in more than 15 countries and multiple vertical industries. Like many of their peers, these cybercriminals carried out multifaceted extortions in which data was exfiltered and encrypted instead, allowing them to demand payment from those attacked.
It’s no wonder that BlackMatter has been linked with DarkSide as similarities in encryption algorithms have been identified and it is actually lifting analyst-defined Yara rules for DarkSide. On VirusTotal, at the time of this writing, 14 samples linked to BlackMatter were already appearing, where 12 of them had awakened the Yara rules defined for Darkside. At the moment we can only wait to see how this group continues but for these reasons we must take greater security measures, especially large companies that handle large sums of money.
Other reads:
GhostEmperor group that targets high profile users
Charming Kitten, A cunning criminal group
[…] also:BlackMatter new threat group emergesMagecart group targeting online […]