BlackMatter Ransomware Claims to Follow REvil & DarkSide

Published : 23/11/2024   Category : security




A new ransomware-as-a-service appears with tools and techniques from DarkSide, REvil, and LockBit 2.0.



BlackMatter, a new ransomware-as-a-service (RaaS), has appeared on the threat landscape and brought tools and techniques from DarkSide, REvil, and the still-active LockBit 2.0.
SophosLabs researchers took a closer look at the malware, which emerged after the DarkSide RaaS shut down its operations following an affiliate's hit on Colonial Pipeline, and after REvil went dark following its attack on Kaseya. BlackMatter's operators claim their ransomware incorporates the best features of DarkSide, REvil, and LockBit 2.0, and while they are close to DarkSide operators, they are not the same group.
There are a number of factors that suggest a connection between BlackMatter and DarkSide, states SophosLabs' Mark Loman in a blog post. However, this is not simply a rebranding from one to another. Malware analysis shows that while there are similarities with DarkSide ransomware, the code is not identical.
Their similarities include a partial encryption scheme, which BlackMatter, DarkSide, and LockBit 2.0 all use. They encrypt only a portion of each file, which shortens the duration of an attack because only a small amount of the file is read and overwritten.
Like REvil, LockBit 2.0, and DarkSide, BlackMatter tries to elevate privileges when limited by User Account Control. And like DarkSide and REvil, it uses a runtime API that can hamper static analysis of the ransomware. Researchers note that the way the runtime API and string decryption function in BlackMatter is similar to how the same functionality works in DarkSide and REvil.
Read the full blog post for more details on similarities in the ransomware.
