BlackMatter Bug Saved Victims Millions in Ransom Payments
Security researchers claim to have saved BlackMatter ransomware victims millions over the past few months after exploiting a bug they found in the malware to recover files for free.
Emsisoft CTO Fabian Wosar explained in a blog post yesterday that the security vendor has been building decryption tools and services to help speed recovery from ransomware for a decade.
One of its most fruitful efforts is to search for vulnerabilities in the code of ransomware variants and exploit them for the benefit of customers. However, for this scheme to work without alerting the ransomware developers, it must happen covertly.
“Publicly disclosing the existence of a flaw in ransomware can alert the threat actors to its existence, resulting in them immediately fixing the problem. Consequently, in the case of gangs that we believe to be technically sophisticated — such as DarkSide/BlackMatter — we do not publicly announce or disclose the existence of vulnerabilities,” said Wosar.
“Instead, we communicate our decryption capabilities in private via a network of law enforcement agencies and trusted parties. In our opinion, this approach enables us to help as many victims for as long as possible. Additionally, it creates an incentive