BlackMatter ransomware gang reported to have shut down its systems


Ransomware group BlackMatter has claimed that some of its key members are no longer ‘available’ and has reported the closure of its operations, effective from November 5.

A statement attributed to the group, translated from Russian and posted on its online Ransomware-as-a-Service (RaaS) portal, said: ‘Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – the project is closed. After 48 hours, the entire infrastructure will be turned off.’

Peter Mackenzie, Director of Incident Response, Sophos, said: “The ransomware attack against Colonial Pipeline in the US earlier this year resulted in the shutting down of DarkSide ransomware, who had claimed responsibility; this resulted in DarkSide returning under the new name of BlackMatter shortly after. While the name was different, the core ransomware code was not, and it had the same weaknesses that allowed free decrypters to be produced. In October, a security company announced it had a decrypter for BlackMatter and had been secretly helping victims. Taking these factors into account, it is likely this is yet another ransomware group pretending to shut down, when in reality it is just a rebrand and launch of a new improved version sometime soon in the future.”
