An advisory by CISA, the FBI and the NSA details the hallmark tactics of, and shares defense tips against, the cybercriminal group that has picked up where its predecessor DarkSide left off.
Federal authorities are warning businesses to shore up cybersecurity defenses as they carefully monitor the reemergence of the DarkSide ransomware gang, believed responsible for the crippling Colonial Pipeline attack in May 2021.
The ransomware-as-a-service gang has regrouped under the moniker BlackMatter, according to a joint advisory posted Monday by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA).
The advisory urges businesses to bolster defenses tied to user credentials and implement strong passwords and multi-factor authentication (MFA) to better thwart an anticipated uptick in BlackMatter criminal activity.
The joint advisory also details what the agencies believe are DarkSide tactics reused by the BlackMatter group since they began tracking the revamped criminal organization in July 2021.
Mitigations and Recommendations
The advisory offers cyber defense tips and potential mitigations for attacks.
“Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network,”