BlackMatter is the new ransomware to be afraid of

US federal security agencies have published a joint warning aimed at cyber security experts, warning of the inevitability of a series of new ransomware attacks by the BlackMatter hacker group, also born from the ashes of the infamous DarkSide. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) are the three agencies involved in this joint consultation, which follows months of scrutiny and investigations into the hacker group. Agencies consider the signs of upcoming activity strong enough that they have felt the need to recommend companies to strengthen their cybersecurity defenses, particularly those related to user credentials, password security, and multi-factor authentication (MFA ).

BlackMatter is the result of a grouping of members previously involved with DarkSide, the infamous hacking team that shut down operations in May of this year. BlackMatter, like the Desorden hacker group (which recently targeted Acer), appears to favor attacks on major companies in supply chains, intensifying repercussions and chaos across multiple endpoints. Since it began operating under the new name, BlackMatter has already attacked numerous US critical infrastructure organizations, including two food and agriculture cooperatives, as well as private companies such as Olympus.

As cryptocurrencies have become more of a trend since their launch, they are part of the ransomware workflow: "Ransomware attacks against critical infrastructure entities could directly affect consumers' access to their services" , reads the notice. "BlackMatter members attacked numerous US-based organizations and demanded ransoms ranging from $ 80,000 to $ 15,000,000 in Bitcoin and Monero."

The document delves further into the details of the BlackMatter ransomware operation, from which cybersecurity considerations for potential targets are derived. By deploying a sample of BlackMatter's ransomware in a secure investigative environment, the agencies emphasize the sophistication of its approach, which allows it to attack both Windows and Linux environments, as well as ESXi-based virtual machines, effectively covering all security systems. The joint warning also highlights BlackMatter's destructive approach to ensure maximum impact of its ransomware: “Rather than encrypt backup systems, BlackMatter erases or reformats all devices”

Tips for mitigating vulnerabilities include segmentation of networks (instead of the centralized network approach that has historically been favored for ease of use and control capabilities), as well as the use of network monitoring tools to identify the presence of ransomware . The agencies have also provided detection signatures for BlackMatter so that cybersecurity specialists can preemptively investigate managed systems.