FBI and other U.S. government agencies release advisory on BlackMatter ransomware
Alert (AA21-291A): BlackMatter Ransomware
According to the advisory, BlackMatter, first discovered in July 2021, is a "Ransomware as a Service" (RaaS) tool whose operators profit by providing ransomware functionality to the actors who actually carry out attacks. It has been pointed out that, judging from attack trends, it may be a rebrand of the RaaS "DarkSide", which was active from September 2020 to May 2021.
After infecting a target host, BlackMatter enumerates running services and processes, and uses embedded credentials over the LDAP and SMB protocols to discover everything it can access. The discovered shared hosts are then encrypted remotely over the SMB protocol. Backup systems may be wiped (erased) or reformatted instead of encrypted.
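The discovery and remote-encryption behaviour described above shows up on the defender's side as one account reaching shares on many hosts in a short time. The following is an added example, not code from the advisory or this page, that flags that fan-out; the record layout, account names, addresses and thresholds are constructed assumptions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: simplified share-access records
# (time, target host, account, source address, share).
# Not real logs and not a real log format.
SAMPLE = """\
2021-10-18T09:00:05,FS01,alice,10.0.0.21,Projects
2021-10-18T09:00:40,FS01,alice,10.0.0.21,Projects
2021-10-18T09:01:10,FS02,alice,10.0.0.21,Finance
2021-10-18T09:02:00,WS101,svc_deploy,10.0.0.77,C$
2021-10-18T09:02:04,WS102,svc_deploy,10.0.0.77,C$
2021-10-18T09:02:09,WS103,svc_deploy,10.0.0.77,C$
2021-10-18T09:02:15,FS01,svc_deploy,10.0.0.77,Projects
2021-10-18T09:02:21,FS02,svc_deploy,10.0.0.77,Finance
2021-10-18T09:02:30,BKP01,svc_deploy,10.0.0.77,Backups
2021-10-18T09:30:00,BKP01,svc_backup,10.0.0.5,Backups
"""

def find_share_sweeps(lines, window=timedelta(seconds=60), min_hosts=5):
    """Return {(account, source): max distinct hosts reached within `window`}
    for every pair that reached at least `min_hosts` hosts."""
    rows = sorted(
        (datetime.fromisoformat(t), host, acct, src)
        for t, host, acct, src, _share in csv.reader(StringIO(lines))
    )
    recent = defaultdict(deque)  # (account, source) -> (time, host) inside window
    flagged = {}
    for ts, host, acct, src in rows:
        q = recent[(acct, src)]
        q.append((ts, host))
        # Drop accesses that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({h for _, h in q})
        if distinct >= min_hosts:
            flagged[(acct, src)] = max(distinct, flagged.get((acct, src), 0))
    return flagged

if __name__ == "__main__":
    for (acct, src), hosts in find_share_sweeps(SAMPLE).items():
        print(f"ALERT {acct} from {src}: shares on {hosts} hosts within 60s")
```

Tune `window` and `min_hosts` against normal traffic first, since backup and software-deployment accounts legitimately touch many hosts.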
CISA, the FBI, and the NSA call for the following mitigations to reduce the risk of compromise by BlackMatter ransomware.
If a company is hit by ransomware, it may find it difficult to continue operating and may suffer irreparable damage. Attack groups may demand a ransom in exchange for data recovery, but there is no guarantee that the damaged data will be restored correctly even if the ransom is paid. Paying a ransom is therefore not recommended.
It is therefore important to strengthen defenses against ransomware before any damage occurs. For general measures to reduce the risk of ransomware attacks, refer to the following guidelines (PDF documents) published by CISA.