With the threat actors behind BlackMatter Ransomware announcing they were shutting down on Monday 1st of November 2021, the remaining affiliates have been moving their victims to the competing ransomware gang. LockBit to continue the extortion of their victims. This has been proven by the fact that in existing BlackMatter negotiation chats to victims, affiliates are now providing victims links to LockBit’s Tor sites where new negotiation pages have been set up for them.
Even though BlackMatter’s infrastructure is still live, they have been showing more signs of shutting down by deleting posts and deactivating their accounts on Russian-speaking hacking forums to hide their presence.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.