01 August 2021

DarkSide Ransomware Returns as BlackMatter

Did anyone (aside from some bureaucrats in Washington, DC) really think that the people behind DarkSide were going to go sit on a beach? DarkSide ransomware gang returns as new BlackMatter operation

DarkSide disappeared in May, after the very visible attack on Colonial Pipeline that caused fuel shortages and brought all kinds of heat. Now they are back.

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.

Click thru for the details on how that determination was made.

But again, are we surprised? BleepingComputer has found one incident where BlackMatter was paid $4 million this week. Did we think a group of determined bad guys was going to walk away from that kind of payday? Especially since that is about the amount the FBI managed to confiscate after the Colonial Pipeline hack.

Ransomware is going to get worse before it gets better. PrintNightmare, SeriousSAM (an attack on the Security Account Manager), and an attack on NT LAN Manager (NTLM) authentication all make it somewhat easy to get into a system, or to escalate privileges once you are in. That doesn't even touch on WordPress and its plugin ecosystem. There are problems there.

