The BlackMatter ransomware group has announced that it will be closing shop due to law enforcement pressure that has hit its business model.
The ransomware group came to prominence in early 2021 following the shutdown of the DarkSide ransomware group, which had terrorized a host of corporate entities across the world.
According to media reports, the BlackMatter announcement was made in a message published on the ransomware gang’s ransomware-as-a-service (RaaS) platform that’s typically used by other cybercriminals to access the BlackMatter ransomware strain.
News concerning the latest development was first shared by a member of the vx-underground infosec group who tweeted about the BlackMatter decision to exit the underground ransomware scene (see below).
Figure 1: A screenshot of the Twitter post by vx-underground reporting on the BlackMatter exit (Source: Twitter).
The Russian-language message shared by vx-underground translates to: “owing to a number of unsolvable issues associated with pressure from the authorities (part of the team is currently unavailable, after the latest news) – project is shut. After 48 hours, the whole infrastructure will be closed down, allowing – Issue mail to firms for further communication; Get decryptor. For this, write ‘give a decryptor’ inside the company chat, where necessary. We wish you all success, we were glad to work.”
What Next?
The BlackMatter ransomware group first rose to prominence in July this year after it was blamed for targeting a number of U.S. firms, including the cyberattack against the Iowa-based farm service provider NEW Cooperative – the gang demanded a $5.9 million ransom from the company.
BlackMatter was also responsible for hitting the Japanese tech firm Olympus in September in circumstances that led the organization to shut its operations in Europe, the Middle East and Africa.
Of note, the ransomware group has consistently made ransom demands of its victims in the range of $80,000 to $15 million in digital currency. The only notable failure may be traced to a claim by Emsisoft that they were able to prevent “tens of millions of dollars” in ransom payments from reaching the BlackMatter ransomware group.
The BlackMatter announcement has raised more questions than answers concerning what exactly has driven the ransomware group to consider the shutdown.
Nothing points directly to what the group meant by “latest news”, although strong indications suggest that they may have been referring to recent reports concerning the resolve by the U.S. and Russian governments to collaborate in combating Russia-based cybercriminal groups.
Aside from that, CISA, the FBI and the NSA shared an advisory warning about BlackMatter in the context of its onslaught against “multiple” organizations that are classified as critical infrastructure.