Ransomware attacks on companies and government agencies have recently become more active, with victims hit one after another. In July 2021, BlackMatter, a cybercriminal group claiming to have developed powerful ransomware by combining features of the ransomware used in these attacks, appeared on a cybercrime forum and has since given an interview.
BlackMatter, which appeared on a cybercrime forum in July 2021, declared in a forum post that it was targeting companies making more than $100 million a year in revenue. However, according to reports, there have been no confirmed cases of BlackMatter attacks. The interviewer, noting that no cyberattacks by BlackMatter have been confirmed since the group appeared, asked when it started developing the new ransomware. BlackMatter said that development of the ransomware started six months ago and that it is already negotiating ransoms with several companies.
According to BlackMatter, the newly developed ransomware mainly references three types of ransomware (LockBit, REvil, and DarkSide). BlackMatter said that in the case of LockBit, the code itself is excellent, but in practice it does not work very well. In addition, it said that REvil was high-performing ransomware overall, and that it developed a PowerShell version of its ransomware with reference to REvil. As for DarkSide, it said that it has an excellent code base and interesting web parts, and that DarkSide's encryption function was very helpful. In this way it explained the advantages of each ransomware.
Among these three types of ransomware, the criminal group that developed DarkSide declared that it was shutting down a few days after attacking Colonial Pipeline, claiming that someone had transferred the crypto assets it owned to an unknown account. Also, on July 13, 2021, the website of the criminal group that developed REvil, which attacked JBS, abruptly shut down. It is said that the shutdown of the website was influenced by US President Biden giving ransomware attacks a priority equal to counter-terrorism measures, and by President Biden's designation of a cyberattack-free zone to Russian President Putin.
Based on this situation, some point out that the recent disappearance from the scene of the major cybercriminal groups that developed DarkSide and REvil was influenced by changes in the United States' and Russia's response to cyberattacks. When asked about this atmosphere, BlackMatter said that the withdrawal of major cybercriminal groups was related to the targets of their attacks and the global geopolitical situation. It said that it thought it could avoid the government's attention. When asked what it thinks of the attacks carried out on Colonial Pipeline and JBS, it emphasized that it thought those attacks were an important factor in the withdrawal of DarkSide and REvil.
The site managed by BlackMatter also states that it does not attack infrastructure facilities such as power plants and water bureaus, oil and gas pipelines, smelters, defense facilities, non-profit organizations, and government agencies. When asked about the criteria for determining the final target of an attack in light of these conditions, BlackMatter replied that targets are determined by comprehensively judging whether or not an attack would have any adverse effect on the target.
Finally, BlackMatter said that they have no secrets, they believe in their country, love their family, and make money for their children. Where BlackMatter is based is not clear, but the interview is said to have been conducted in Russian.