BleepingComputer found evidence that after the clamorous Colonia Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. The experts analyzed encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities.
BleepingComputer became aware of a victim that paid a $4 million ransom to BlackMatter gang. The company received by the cybercriminals gang both Windows and Linux ESXi decryptors.
BleepingComputer shared a decryptor from a BlackMatter victim with Emisosft CTO Fabian Wosar who confirmed that the new ransomware gang is using the same unique encryption methods (a custom implementation of Salsa20 matrix) implemented by the DarkSide.
DarkSide also used an RSA-1024 implementation unique to their encryptor, which is the same used by BlackMatter.
The above and other similarities, such as the similar text on the leak sites, suggest that BlackMatter rebrand from DarkSide.
On its leak site BlackMatter states that it doesn’t attack:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, BlackMatter)
[adrotate banner=”5″]
[adrotate banner=”13″]
Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…
This website uses cookies.