REvil returns, but under another name

PCHF Tech News
PCHF Bot
The emergence of a new threat actor in underground forums has led cybersecurity experts to speculate that the outfit could simply be the REvil ransomware operator under a changed name.

Earlier this month, the notorious Russia-based ransomware group took all its online properties offline, leading to speculation that it could have been hit by law enforcement agencies. The shutdown followed its extravagant attack against managed service providers (MSPs), in which it exploited a vulnerability in the Kaseya VSA remote management software to infect thousands of computers around the world.

Identifying themselves as BlackMatter, the new threat actor has expressed interest in purchasing access to compromised corporate networks in the US, UK, Canada, and Australia.

Analysts at risk intelligence firm Flashpoint have drawn several similarities between BlackMatter and REvil regarding their tactics and policy of staying clear of medical and government institutions.

No smoking gun

After registering on the Russian-language hacker forums, XSS and Exploit, BlackMatter made a substantial deposit of four bitcoin (about $150,000) in an escrow account, before posting its request looking for targets.

The seriousness of BlackMatter’s intent is what brought the group immediately to the attention of observers.

However, the Flashpoint researchers note that the new group could just be copycats imitating REvil’s behavior to gain immediate credibility as its reincarnation.

Furthermore, while the language of their post and their goals clearly point to the fact that BlackMatter is a ransomware operator, the researchers suggest that one shouldn’t jump to conclusions just yet since “two posts and a large escrow account do not make a ransomware group.”