BlackMatter ransomware gang to shut down

Oh dear, what a shame, never mind.

Graham Cluley

The BlackMatter ransomware group, which just a month or two ago was asking internet users to stop bombarding it with insults as it attempted to negotiate payments from its corporate victims, appears to have announced that it is now closing down its operations.

The VX-Underground Twitter account shared a screenshot of a Russian-language post from BlackMatter announcing to its affiliates that following pressure from local authorities it has been forced to shut down.

The message translates into English as:

Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – the project is closed. After 48 hours, the entire infrastructure will be turned off, it is allowed to:

-Issue mail to companies for further communication.
-Get decryptors, for this write “give a decryptor” inside the company chat where they are needed.

We wish you all success, we were glad to work.

At the time of writing, the dark web website where BlackMatter offers for download the exfiltrated data of its victims remains online.

News of BlackMatter’s apparent decision to shut shop comes amid increasing pressure on ransomware gangs.

Last month cybercrime investigators claimed that FIN7 – the notorious cybercrime organisation believed to be behind the Darkside and BlackMatter operations – had used the disguise of a seemingly-legitimate security firm called Bastion Secure to hire technical staff who could help them map out networks and steal data from targeted organisations.

Meanwhile, armed police stormed properties in Ukraine and arrested what Europol described as “two prolific ransomware operators”, said to have participated in ransomware attacks which caused over $150 million worth of damage.

Cyberpolice exposed a hacker for carrying out virus attacks on more than 100 foreign companies

And just this weekend, the New York Times reported that the United States has “turned over the names and other details of a few hackers actively launching attacks on America.”

America’s hope is that the Kremlin will begin to show more willingness to make life harder for cybercriminals operating out of Russia.

The BlackMatter ransomware group was formed after two notorious gangs – DarkSide and REvil – closed down following high profile attacks against the likes of Colonial Pipeline, Travelex, and the world’s largest meat supplier, JBS.

It remains to be seen if this truly is the end of the BlackMatter cybercrime operation – or whether it will simply re-emerge under a new name.

But there seems little doubt – life is getting hotter by the day for ransomware gangs.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
