Article: BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says
Author: Jill McKeon
Published: Sept 09, 2021
Probably the most interesting article I’ve read all week! BlackMatter is a ransomware group that provides RaaS – Ransomware as a Service that has one motivation – $$.
BlackMatter has roots in Eastern Europe and have targeted victims North/South America and Asia with a focus on real estate, IT, F&B, architecture, education and finance sectors. Though it claims to “not target hospitals, critical infrastructure facilities, nonprofit companies, government, the defense industry, or the oil and gas industry” it is imperative to know that it’s connection to DarkSide and REvil/Sodinokibi is making that claim doubtful. (Darkside was the threat actor in the the Colonial Pipeline hack.)
The BlackMatter group makes it a business to sell credentials, VPN logins and webshells to ransomware groups.
Highly recommend you read the article. It is insightful into how bold these cybercriminals are. No longer even a secret. Now it’s a service.
Source: https://healthitsecurity.com/news/blackmatter-ransomware-attacks-threaten-healthcare-hc3-says
Hi Vanessa,
I liked the article you posted. I find it interesting that this group popped up shortly after REvil took it’s website down. It seems that these ransomware groups have no issue with continuously rebranding. If you research a specific group it appears that they have changed their name at least once or twice. Some groups are more transparent that they are changing their name where others are not as forthright and it takes analysis of their code to link the groups together (as it was in this case). It makes me wonder what the benefit of changing names/websites is for these groups. If this is truly most or some of the members of REvil then why take the website down and relaunch under a different name? It’s really fascinating that this seems to happen relatively frequently.