A major ransomware operation was prevented from making millions of dollars after cybersecurity researchers discovered a flaw in the ransomware that enabled encrypted files to be recovered without paying a ransom to cyber criminals.
Cybersecurity researchers at Emsisoft have detailed how they were secretly able to foil the cyber criminals behind BlackMatter ransomware, saving several victims from having to pay the ransom.
After keeping what they were doing under wraps to avoid the cyber criminals finding out, researchers have now disclosed how they were undermining BlackMatter by providing decryption keys to victims of their attacks.
BlackMatter has been active in its current incarnation since July this year, but it has effectively been around for a lot longer than that: the consensus among information security analysts is that BlackMatter is a rebranded version of DarkSide ransomware.
DarkSide became notorious earlier this year as the culprits behind the Colonial Pipeline ransomware attack. The incident led to shortages of gas and fuel across the US North Eastern seaboard while the criminals walked away with millions of dollars when Colonial paid the ransom.
But the impact of the attack didn’t go unnoticed and shortly after the White House vowed action against those responsible, DarkSide lost control of part of their critical infrastructure