Ransomware

DarkSide ransomware gang returns as new BlackMatter operation

0

Encryption algorithms found in a decryptor indicate that the notorious DarkSide ransomware gang has been rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.

The DarkSide ransomware group faced increased scrutiny by international law enforcement and the US government for their role in attacks against Colonial Pipeline, the largest fuel pipeline in the US.

In May, the DarkSide ransomware operation suddenly shut down after losing access to their servers and cryptocurrency was seized by an unknown third-party.

Later it was found that the FBI recovered 63.7 Bitcoins of the approximately 75 Bitcoin ($4 million) ransom payment made by Colonial Pipeline.

A new ransomware operation known as BlackMatter emerged this week which is actively attacking victims and purchasing network access from other threat actors to launch new attacks.

The BlackMatter group performed multiple attacks and demanded ransom ranging from $3 to $4 million. One victim has already paid a $4 million ransom to BlackMatter to delete stolen data and receive both a Windows and Linux ESXi decryptor.

A decryptor from a BlackMatter victim was found by BleepingComputer and shared with Emsisoft CTO and ransomware expert Fabian Wosar.

Wosar on analyzing the decryptor, confirmed that the new BlackMatter group is using the same unique encryption methods used by DarkSide in their attacks.

The encryption routines used by BlackMatter are same, including a custom Salsa20 matrix unique to DarkSide.

According to Fabian, the Salsa20 implementation was previously only used by DarkSide, and now BlackMatter.

DarkSide also used an RSA-1024 implementation unique to their encryptor, which BlackMatter also uses.

Even though there is no 100% proof that BlackMatter is a rebrand of the DarkSide operation, many similar characteristics make it hard to believe otherwise.

The same encryption algorithms, the similar language used on the BlackMatter sites, similar craving of media attention, and similar color themes for their TOR sites, highly suggests that BlackMatter is the new DarkSide.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    PwnedPiper flaws in PTS systems affect 80% of major US hospitals

    Previous article

    WhatsApp adds Snapchat-like view once photo and video feature

    Next article

    You may also like

    More in Ransomware

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *