Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation.

BleepingComputer found evidence that, after the high-profile Colonial Pipeline attack, the DarkSide ransomware gang rebranded as a new BlackMatter ransomware operation. The experts analyzed the encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities.

BleepingComputer became aware of a victim that paid a $4 million ransom to the BlackMatter gang. The company received both Windows and Linux ESXi decryptors from the cybercriminal gang.

BleepingComputer shared a decryptor from a BlackMatter victim with Emsisoft CTO Fabian Wosar, who confirmed that the new ransomware gang is using the same unique encryption methods (a custom implementation of the Salsa20 matrix) used by DarkSide.

DarkSide also used an RSA-1024 implementation unique to its encryptor, and BlackMatter uses the same one.

These and other similarities, such as the similar text on the leak sites, suggest that BlackMatter is a rebrand of DarkSide.

On its leak site, BlackMatter states that it doesn’t attack:

  • Hospitals.
  • Critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities).
  • Oil and gas industry (pipelines, oil refineries).
  • Defense industry.
  • Non-profit companies.

Pierluigi Paganini

(SecurityAffairs – hacking, BlackMatter)

The post More evidence suggests that DarkSide and BlackMatter are the same group appeared first on Security Affairs.
