On Monday 1st of November 2021, the threat actors behind the BlackMatter ransomware released an announcement on their ransomware-as-a-service (RaaS) website, which their affiliates use to communicate with the core ransomware operators and receive support during operations. The announcement stated that the operation would shut down 48 hours after its release.
“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – project is closed.
After 48 hours the entire infrastructure will be turned off, allowing:
We wish you all success, we were glad to work.” – BlackMatter announcement.
It is currently unclear which members of the core ransomware team are missing, but there is a belief that this could be linked to a recent international law enforcement operation that arrested twelve individuals linked to 1,800 ransomware attacks in 71 countries.
As for current victims of BlackMatter, the post states that the decryptors will be released to the affiliates, so there is a possibility that affiliates might look to continue extorting current victims without the support of the core ransomware team.