The BlackMatter ransomware group, which just a month or two ago was asking internet users to stop bombarding it with insults as it attempted to negotiate payments from its corporate victims, appears to have announced that it is now closing down its operations.
The VX-Underground Twitter account shared a screenshot of a Russian-language post from BlackMatter announcing to its affiliates that following pressure from local authorities it has been forced to shut down.
The message translates into English as:
Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – the project is closed. After 48 hours, the entire infrastructure will be turned off, it is allowed to:
- Issue mail to companies for further communication.
- Get decryptors, for this write “give a decryptor” inside the company chat where they are needed.
We wish you all success, we were glad to work.
At the time of writing, the dark web website where BlackMatter offers for download the exfiltrated data of its victims remains online.
News of BlackMatter’s apparent decision to shut shop comes amid increasing pressure on ransomware gangs.
Last month cybercrime investigators claimed that FIN7 – the notorious cybercrime organisation believed to be behind the Darkside and BlackMatter operations – had used the disguise of a seemingly-legitimate security firm called Bastion Secure to hire technical staff who could help them map out networks and steal data from targeted organisations.
Meanwhile, armed police stormed properties in Ukraine and arrested what Europol described as “two prolific ransomware operators” said to have participated in ransomware attacks which caused over $150 million worth of damage.
And just this weekend, the New York Times reported that the United States has “turned over the names and other details of a few hackers actively launching attacks on America.”
America’s hope is that the Kremlin will begin to show more willingness to make life harder for cybercriminals operating out of Russia.
The BlackMatter ransomware group was formed after two notorious gangs – DarkSide and REvil – closed down following high-profile attacks against the likes of Colonial Pipeline, Travelex, and the world’s largest meat supplier, JBS.
It remains to be seen if this truly is the end of the BlackMatter cybercrime operation – or whether it will simply re-emerge under a new name.
But there seems little doubt – life is getting hotter by the day for ransomware gangs.