BlackMatter Attacks Remain a Significant Threat

Dennis Snider


The US government has released a warning about BlackMatter ransomware attacks on critical infrastructure.
Following a series of BlackMatter ransomware attacks targeting US critical infrastructure, including two American organizations working in the food and agricultural sector, the government's Cybersecurity and Infrastructure Security Agency (CISA) issued the notice early last week.

BlackMatter, which rose to prominence earlier this year after the demise of the notorious REvil and DarkSide ransomware gangs, is a ransomware-as-a-service (RaaS) operation that provides cybercriminals with the technology they need to steal data from businesses, encrypt it, and demand a large ransom.

In practice, this means the BlackMatter ransomware is in the hands of not just professional hackers but also less technical groups and individuals who might not otherwise have the skills to carry out such an attack.
According to the notice, BlackMatter spreads across infected networks by using previously obtained credentials, remotely encrypts the machines and shared files it discovers, and then demands a ransom payment in Bitcoin.

According to the CISA advisory, law enforcement authorities are encouraging all organizations to take the following actions to strengthen their defenses and limit the risk of a successful BlackMatter infection:
• Implement and enforce backup and restoration policies and procedures.
• Use strong, unique passwords.
• Use multifactor authentication.
• Implement network segmentation and traversal monitoring.

CISA states that BlackMatter actors have demanded ransom payments in Bitcoin and Monero ranging from $80,000 to $15,000,000. Along with the NSA and FBI, it strongly opposes ransom payments because they encourage others to launch ransomware attacks and do not guarantee that files will be recovered.