BlackMatter ransomware to shut down, affiliates transferring victims to LockBit

attack on Colonial PipelineIn messages obtained by a member of the vx-underground group, the prolific BlackMatter ransomware group has said it is closing shop due to increased law enforcement pressure. 

The group — hawking a rebranded version of the DarkSide ransomware used to attack Colonial Pipeline earlier this year — posted a message on its private ransomware-as-a-service website on November 1st saying some members of the gang are “no longer available” after “the latest news.”

“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) — project is closed,” the group wrote. 

“After 48 hours the entire infrastructure will be turned off, allowing: Issue mail to companies for further communication [and] Get decryptor. For this write ‘give a decryptor’ inside the company chat, where necessary. We wish you all success, we were glad to work.” 

While the group did not explain what they meant by “the latest news,” there are a variety of stories tied to the ransomware gang’s activities over the last two months. 

After closing shop to due law enforcement scrutiny following the attack on Colonial Pipeline in May, the group re-emerged in July under the “BlackMatter” banner. They attacked

Read More: