BlackMatter Ransomware to Shut Down Its Operations

BlackMatter claims to be a successor of the now-defunct Darkside and REvil ransomware threat actors, who were responsible for the hacks on Colonial Pipeline and Kaseya, respectively.

What Happened?

Due to pressure from authorities and recent law enforcement operations, BlackMatter is apparently shutting down its activities.

The BlackMatter ransomware-as-a-service operation began with the specific goal of compromising the networks of businesses in the United States, Canada, Australia, and the United Kingdom that had a turnover of at least $100 million.

Ransomware-as-a-Service is an illegal ‘parent-affiliate(s)’ business model in which operators (i.e., the owners and/or creators of the malicious software) provide tools to affiliates (i.e., customers) for the purpose of carrying out ransomware attacks, as Vladimir explains.

Depending on the contractual arrangement, customers may opt to split a portion of the profit with the RaaS provider, keep the earnings for themselves, or enroll in a pay-per-use plan that grants them access to updates, new malware versions, and experimental features.

Affiliates can interact with the core operators, open support tickets, and get fresh ransomware builds using BlackMatter’s private ransomware-as-a-service (RaaS) website.


A screenshot of a statement reportedly uploaded by the BlackMatter operators on the RaaS website on November 1st was supplied to security research firm
