Cyber researchers discover likely successor to ransomware gangs


According to cyber intelligence experts, a new cybercriminal group, BlackMatter, has formed as the potential successor to the ransomware gangs responsible for massive attacks hitting US critical infrastructure.

Cyber intelligence firm Recorded Future said the BlackMatter group is combining features of the REvil and DarkSide ransomware gangs.

The REvil group went dark earlier this month after hitting software company Kaseya and its customers, while the DarkSide gang disbanded in May after hitting the leading US fuel supplier Colonial Pipeline.

BlackMatter has pledged not to hit certain industries, including critical infrastructure, defense, healthcare, oil and gas, and governments, among others, according to Recorded Future. But BlackMatter targets companies and organizations with revenues of $100 million or more.

“BlackMatter, a member of the top forum Exploit and possibly a BlackMatter ransomware operator, is currently advertising the purchase of access to corporate networks in the US, Canada, Australia and the UK,” wrote Recorded Future’s Insikt Group on the company website.

Risk intelligence firm Flashpoint has also labeled BlackMatter a “possible rebranding” of REvil and DarkSide, but has been more cautious in citing BlackMatter’s ties to other ransomware gangs.

About a week after REvil appeared to be shutting down, Flashpoint said it observed BlackMatter registering on Russian-language illegal websites and depositing a six-figure dollar amount of cryptocurrency into an escrow account. Flashpoint also noted that REvil’s spokesperson and BlackMatter share a common understanding of acceptable goals.

“While information is not a steaming weapon, it can indicate that REvil is not completely offline, only taking a small hiatus after some high-profile breaches,” Flashpoint wrote on its website. “It is also important to note that two posts and one large escrow account do not constitute a ransomware group. It is possible that imitators deliberately mimic REvil’s behavior to gain instant credibility by claiming to be REvil’s reincarnation.”

BlackMatter is not the only cybercriminal entity with links to REvil and DarkSide to emerge after these gangs’ digital assets disappeared. Last month, cybersecurity firm FireEye said it identified a DarkSide affiliate targeting users of closed-circuit television software.

Tracking cyber attackers and ransomware gangs is complex, and the FBI previously told the Washington Times that it tracks nearly a hundred different types of ransomware, responsible for dozens to hundreds of attacks.

Bryan Vorndran, deputy director of the FBI’s cyber division, told the Senate Judiciary Committee this week that the federal government has created an algorithm that tracks the worst ransomware attackers.

“We have a full cross-agency algorithm that primarily prioritizes the level of impact of each variable on the United States, its economy, and various other stocks, from one to 101,” Mr. Vorndran said. “We estimate that their revenue from the biggest hacks we know of has exceeded $200 million to give you some sort of scope in the value proposition.”
