The BlackMatter cybercriminal group announced that it is shutting down operations, citing pressure from law enforcement authorities. Active since July 2021, BlackMatter offers ransomware-as-a-service (RaaS), enabling threat actors and cybercriminal affiliates to deploy ransomware. BlackMatter operators have targeted several critical infrastructure organizations in the U.S. and demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.
The Shutdown
Cybersecurity research group VX-Underground shared, in a tweet, the message posted by the BlackMatter group, which claimed that the group is shutting down its ransomware operations in the next 48 hours.
BlackMatter ransomware group has announced they’re shutting down operations following pressure from local authorities – they state key members are no longer ‘available’.
Image 1. BlackMatter RaaS announcement of operations shutting down
Image 2. Russian translated to English pic.twitter.com/E4RWWAX7Hg
— vx-underground (@vxunderground) November 3, 2021
The BlackMatter gang is suspected to be a successor of the DarkSide ransomware group, responsible for the infamous cyberattack on Colonial Pipeline. Several security experts claimed that BlackMatter incorporated attack techniques of DarkSide, REvil, and LockBit ransomware groups.
What Led to BlackMatter’s Demise?
While the operators behind BlackMatter have not revealed much about their shutdown, the cybersecurity community opined that the recent cybersecurity initiatives may have forced the group to shut shop.
Recently, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI jointly released a cybersecurity advisory about the infamous BlackMatter ransomware group, with information on its tactics, techniques, and procedures (TTPs). The Biden Administration recently hosted a 30-nation Counter-Ransomware Initiative conference to address the growing ransomware landscape.
Would BlackMatter Return?
It’s common for cybercriminal groups to cease operations and come back with different names and tactics. A few months ago, the DarkSide group announced its shutdown; however, it later came back as BlackMatter.
The Last Victim
Farm services provider NEW Cooperative was the last victim of BlackMatter ransomware. The group reportedly compromised and infected NEW’s network systems and demanded a ransom of $5.9 million for restoration.
Earlier, BlackMatter stated that they wouldn’t attack critical infrastructures such as health care facilities, the defense industry, nuclear power plants, water treatment facilities, the oil and gas industry, non-profit organizations, and government agencies. However, it targeted critical firms, causing severe damage to the consumer economy.