While Black Matter, a new ransomware group, promised not to target critical infrastructure, those purchasing the RaaS don’t necessarily follow that rule
In response to recent ransomware attacks, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA): BlackMatter Ransomware. The CSA was developed to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations.
First seen in July 2021, BlackMatter is ransomware-as-a-service (RaaS) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible “rebrand” of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.