Graham Cluley
Computer security news, advice, and opinion
Oh dear, what a shame, never mind.
BlackMatter ransomware gang to shut down
The BlackMatter ransomware group, which just a month or two ago was asking internet users to stop bombarding it with insults as it attempted to negotiate payments from its corporate victims, appears to have announced that it is now closing down its operations.
The VX-Underground Twitter account shared a screenshot of a Russian-language post from BlackMatter announcing to its affiliates that following pressure from local authorities it has been forced to shut down.

The message translates into English as:
Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – the project is closed. After 48 hours, the entire infrastructure will be turned off, it is allowed to:
-Issue mail to companies for further communication.
-Get decryptors, for this write “give a decryptor” inside the company chat where they are needed.
We wish you all success, we were glad to work.
At the time of writing, the dark web website where BlackMatter offers for download the exfiltrated data of its victims remains online.

News of BlackMatter’s apparent decision to shut shop comes amid increasing pressure on ransomware gangs.
Last month cybercrime investigators claimed that FIN7 – the notorious cybercrime organisation believed to be behind the Darkside and BlackMatter operations – had used the disguise of a seemingly-legitimate security firm called Bastion Secure to hire technical staff who could help them map out networks and steal data from targeted organisations.
Meanwhile, armed police stormed properties in Ukraine and arrested what Europol described as “two prolific ransomware operators” said to have participated in ransomware attacks which caused over $150 million worth of damage.

And just this weekend, the New York Times reported that the United States has “turned over the names and other details of a few hackers actively launching attacks on America.”
America’s hope is that the Kremlin will begin to show more willingness to make life harder for cybercriminals operating out of Russia.
The BlackMatter ransomware group was formed after two notorious gangs – DarkSide and REvil – closed down following high profile attacks against the likes of Colonial Pipeline, Travelex, and the world’s largest meat supplier, JBS.
It remains to be seen if this truly is the end of the BlackMatter cybercrime operation – or whether it will simply re-emerge under a new name.
But there seems little doubt – life is getting hotter by the day for ransomware gangs.
Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
Copyright © 2001-2021 Cluley Associates Limited. All Rights Reserved.