Ransomware - BlackMatter

BlackMatter
Description

This entry is under construction. However, we have included some details below.

Ransomware Type
Crypto-Ransomware
HumOR
RaaS
Country of Origin
Russia
First Seen
Last Seen
Alliances & Associations
Type
Alliance/Association
General Association
LockBit
Member Crossover
REvil
Extortion Links
Moyen
Lien
TOR
http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion
Extortion Types
Direct Extortion
Double Extortion
Free Data Leaks
Extortion Amounts
Amount
$4,000,000
Communication
Moyen
Identifiant
Exploit.IN
BlackMatter
Web Chat
http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion/VICTIM_IDENTIFIER>
Web Chat
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/VICTIM_IDENTIFIER>
XSS.is
BlackMatter
Encryption
Type
Hybrid
Files
Salsa20
Key
RSA-1024
Crypto Wallets
Blockchain Type
Crypto Wallet
BTC
bc1qlv2qdmylyuw62zw8qcd4n3uh84cy2edckv3ds7
XMR
85VxcvmZNvEZyED9cn5cJRFHZ8kbsmvN7cmUo6F3M6eo2xKB8KFC73DAEhqBc8yREwRjLo2pfzHtwjPoohvPcJJHMoaUCMA
File Extension
<file name>.<file extension>.fnjzk5Pze
[XXXXXXXXX]
Ransom Note Name
<9 random alphanumeric characters>.README.txt
0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99
daed41395ba663bef2c52e3d1723ac46253a9008b582bb8d9da9cb0044991720
Industry Sector Pays Extortion Date Amount (USD)
Information Technology India
Construction & Home Improvement Canada
Telecommunications United Kingdom
Banking & Finance United States
Food & Beverage
Information Technology Japan
Food & Beverage
A Blog on digital investigations: Understanding BlackMatter's API Hashing
Avertium: Threat Actor Profile – “BlackMatter” Ransomware
BleepingComputer: BlackMatter ransomware claims to be shutting down due to police pressure
BleepingComputer: BlackMatter ransomware hits medical technology giant Olympus
BleepingComputer: BlackMatter ransomware moves victims to LockBit after shutdown
BleepingComputer: BlackMatter ransomware victims quietly helped using secret decryptor
BleepingComputer: DarkSide ransomware gang returns as new BlackMatter operation
BleepingComputer: FBI: Hackers use BadUSB to target defense firms with ransomware
BleepingComputer: Linux version of BlackMatter ransomware targets VMware ESXi servers
BleepingComputer: Marketron marketing services hit by Blackmatter ransomware
BleepingComputer: Ransomware data theft tool may show a shift in extortion tactics
BleepingComputer: US farmer cooperative hit by $5.9M BlackMatter ransomware attack
BleepingComputer: US targets DarkSide ransomware and its rebrands with $10 million reward
Chuong Dong: BlackMatter Ransomware v2.0
Cipher Tech Solutions: Rapidly Evolving BlackMatter Ransomware Tactics
CISA: BlackMatter Ransomware (AA21-291A)
CISA: CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomwa…
Cisco Talos: From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
CNN: White House cyber official says ‘commitment’ by ransomware gang suggests Biden’…
Cyble: BlackMatter Ransomware Attack Impacting Multiple Financial Institutions
Cyble: Dissecting BlackMatter Ransomware
Emsisoft: Hitting the BlackMatter gang where it hurts: In the wallet
Emsisoft: Ransomware Profile: BlackMatter
Europol: 12 targeted for involvement in ransomware attacks against critical infrastructu…
Flashpoint: Chatter Indicates BlackMatter as REvil Successor
GitHub: advanced-threat-research - DarkSide-Config-Extract
Google Cloud: Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
Group-IB: BlackMatter Ransomware the Story Behind DarkSide strain
Group-IB: The Darker Things BlackMatter and their victims
GuidePoint Security: BlackMatter ransomware attacks on agriculture may cause food shortages
Infosec Institute: A full analysis of the BlackMatter ransomware
Krebs on Security: Ransomware Gangs and the Name Game Distraction
Medium: @giszevjians - Exploring BlackMatter Ransomware
Medium: @giszevjians - Exploring BlackMatter Ransomware PART 2: ELF Parsing
Medium: @giszevjians - Exploring BlackMatter Ransomware PART 3: Machine Code Visualizat…
Medium: S2W Blog - BlackMatter x Babuk : Using the same web server for sharing leaked f…
Medium: S2W Blog - Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the…
NetSecurity: BlackMatter Ransomware Analysis
Netskope: Netskope Threat Coverage: BlackMatter
Nozomi Networks: BlackMatter Ransomware Technical Analysis and Tools from Nozomi Networks Labs
Olympus Europe: Investigating potential cybersecurity incident affecting limited areas of our E…
Picus Security: BlackMatter Ransomware Analysis, TTPs and IOCs
Recorded Future: BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
Sophos: BlackMatter ransomware emerges from the shadow of DarkSide
Symantec: BlackMatter: New Data Exfiltration Tool Used in Attacks
Symantec: Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its …
TechCrunch: Technology giant Olympus hit by BlackMatter ransomware
The Crypto-Ransomware Digest: BlackMatter Ransomware
The Hacker News: Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide
The New York Times: A Rare Win in the Cat-and-Mouse Game of Ransomware
The Record from Recorded Future News: An interview with BlackMatter: A new ransomware group that's learning from the …
The Record from Recorded Future News: BlackMatter ransomware targets companies with revenue of $100 million and more
Trellix: BlackMatter Ransomware Analysis; The Dark Side Returns
Twitter | X: @fwosar - Darkside::BlackMatter
Twitter | X: @GelosSnake - BTC Wallet Blocks
Twitter | X: @vxunderground - BlackMatter shutdown
U.S. Department of Health and Human Services: Demystifying BlackMatter
Vali Cyber: BlackMatter Analysis
Varonis: BlackMatter Ransomware: In-Depth Analysis & Recommendations
YouTube: Uriel Kosayev - DarkSide Ransomware Reverse Engineering
Ransomware Tracker