BlackMatter operators run a ransomware-as-a-service (RaaS) model: hackers who use the service compromise networks and install the ransomware on servers and PCs.
- The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) have released a joint advisory regarding the BlackMatter ransomware-as-a-service operation.
- BlackMatter is a rebranded version of the Russian ransomware DarkSide, a RaaS that was active from September 2020 through May 2021.
- The BlackMatter group also posted ads on two cybercrime forums, Exploit[.]in and XSS[.]is.
- The ransomware operators are not targeting hospitals, the defense industry, the oil and gas industry, government sectors, or non-profit companies.
- The Windows ransomware variant was successfully tested on Windows Server 2003+ x86/x64 and Windows 7+ x64/x86. The Linux ransomware variant was successfully tested on ESXi 5+, Ubuntu, Debian, and CentOS. Supported file systems for Linux include VMFS, VFFS, NFS, and VSAN.