
Feds Urge Action Against BlackMatter Ransomware Based on Third-Party Tip

A joint advisory officially associates the notorious ransomware-as-a-service group with the Colonial Pipeline attack.

Federal agencies credited a trusted third party in issuing specific detection signatures to combat activity from BlackMatter, which they said has attacked multiple critical infrastructure organizations, most notably in the agricultural sector.

“This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) obtained from a sample of BlackMatter ransomware analyzed in a sandbox environment as well as from trusted third-party reporting,” reads an advisory released Monday by the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI.

The advisory urged typical mitigations for defending against ransomware, along with specific signatures to detect activity associated with BlackMatter, which it acknowledged is likely the reincarnation of the group previously called DarkSide.

“First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims,” according to the advisory. “BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.”

After taking responsibility for the Colonial Pipeline attack in May, DarkSide said it would shut down operations, but observers had already expected the group would simply emerge under a different name. 

In June, President Joe Biden met with Russian President Vladimir Putin and warned of consequences for harboring ransomware criminals associated with groups like DarkSide and REvil, to which officials have attributed an attack on meat producer JBS. Officials said Biden shared a list of critical infrastructure that is off-limits.

In September, BlackMatter demanded a $5.9 million ransom in an attack on an Iowa grain co-op. The website for the group, which researchers also associate with REvil, reportedly claims the group does not attack critical infrastructure. The advisory released Monday begs to differ.

“Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations,” the agencies wrote.

Source: https://www.nextgov.com/cybersecurity/2021/10/feds-urge-action-against-blackmatter-ransomware-based-third-party-tip/186189/
