New Zealand Cybersecurity Company Helps Squelch BlackMatter Ransomware Scheme


A New Zealand-based cybersecurity company is doing its best to help out victims of the BlackMatter ransomware operation. Emsisoft has helped prevent tens of millions of dollars in ransom payments and is actively putting an end to the BlackMatter scheme.

A successor to the DarkSide ransomware operation, which was behind the Colonial Pipeline attack, BlackMatter came on the scene in July. The ransomware scheme specifically targeted organizations classified as critical infrastructure, including two within the U.S. food and agriculture industry. This made BlackMatter the subject of a CISA warning. It was also behind a recent attack on Japanese tech company Olympus, forcing it to shut down its EMEA operations.

Cybersecurity expert Emsisoft, which specializes in smart virus and malware protection, discovered a vulnerability in BlackMatter's encryption process that enabled the company to recover encrypted files without having to pay a ransom. The vulnerability was discovered earlier this year, but Emsisoft did not reveal it until recently so that BlackMatter would not have a chance to fix the flaw.

“Knowing DarkSide’s past mistakes, we were surprised when BlackMatter introduced a change to their ransomware payload that allowed us to once again recover victims’ data without the need for a ransom to be paid,” said Fabian Wosar, CTO of Emsisoft, in a blog post. “Since then, we have been busy helping BlackMatter victims recover their data. With the help of law enforcement agencies, CERTs and private sector partners in multiple countries, we were able to reach numerous victims, helping them avoid tens of millions of dollars in demands.”

Emsisoft alerted law enforcement after discovering the vulnerability, along with ransomware negotiation firms, incident response companies, national CERTs and trusted partners. BlackMatter victims were then referred to Emsisoft to recover their files instead of being forced to pay a ransom. The company says it is able to help BlackMatter victims whose files were encrypted before the end of September.

“This may well be the end of the BlackMatter brand,” said Brett Callow, a threat analyst at Emsisoft. “This is the second time their errors have cost their affiliates money, and the affiliates will likely not be too pleased about that. Unfortunately, even if the brand does end, the operators will likely return with a new one. In the past, the risk/reward ratio was heavily skewed to ‘reward.’ This effort demonstrates the public-private sector collaboration can swing the needle, and that’s a key element to combatting the ransomware problem. The less profitable it is, the less incentive the threat actors have.”




Edited by Luke Bellos

TechZone360 Contributing Editor
