
Cybersecurity Threat Advisory 0071-21: BlackMatter Ransomware

Threat Update

The FBI, CISA, and NSA have released a joint advisory about the BlackMatter ransomware group. BlackMatter has been active since late July 2021 and claims to be the successor of the DarkSide and REvil ransomware groups. SKOUT Endpoint Protection already blocks the hash values associated with this threat automatically, and SKOUT Network Security Monitoring offers custom detection mechanisms for it. We also recommend following the best practices presented in the joint advisory to secure your assets.

Technical Detail & Additional Information

WHAT IS THE THREAT?

A newly emerged ransomware gang is posing a serious threat to businesses, claiming to be the successor to the infamous DarkSide and REvil ransomware groups. BlackMatter operates as ransomware-as-a-service: the gang recruits affiliates who already hold access to the networks of large enterprises and uses that access to deploy its ransomware. The group states that it will not target healthcare organizations, critical infrastructure, the defense industry, or non-profit companies. The joint advisory nevertheless notes that BlackMatter has hit U.S. critical infrastructure entities, including two food and agriculture sector organizations, so this self-declared rule should not be relied on.

WHY IS IT NOTEWORTHY?

This is especially noteworthy because a ransomware incident that is not handled properly costs an organization far more than the ransom itself: loss of access to data, downtime while systems are rebuilt, and the risk that stolen data is published. Ransom demands reported in the joint advisory range from $80,000 to $15 million. More and more threat actors are adopting ransomware as a way to make money, and the fact that BlackMatter deliberately targets large corporations should be alarming to both the customers and the employees of such an organization.

WHAT IS THE EXPOSURE OR RISK?

Ransomware is an extremely difficult threat to deal with: once the encryption stage runs, it can take your data and the business processes that depend on it offline at the same time. According to the joint advisory, BlackMatter actors use previously compromised, embedded credentials, then use LDAP and SMB to discover hosts in Active Directory and enumerate their accessible shares before encrypting those shares remotely over SMB. Rather than encrypting backup systems, they wipe or reformat backup data stores and appliances so that recovery without paying is harder. Organizations should therefore assume that any set of valid credentials in an attacker's hands can be turned against their file shares and backups, and should restrict who can reach those resources over the network.

WHAT ARE THE RECOMMENDATIONS?

Barracuda MSP recommends the following actions to keep your organization protected against ransomware attacks:

  • Ensure you have offline or immutable offsite backups in place, and test that you can actually restore from them.
  • Utilize strong, unique passwords and enable multifactor authentication for all accounts within your network.
  • Keep your systems patched and updated to guard against the latest vulnerabilities.
  • Implement network segmentation, and limit access to file shares and administrative shares over SMB to a small set of administrative hosts.
  • Utilize the joint CISA, FBI, and NSA advisory to implement its other recommendations to protect yourself.
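The segmentation recommendation above is the one that directly breaks BlackMatter's remote encryption over SMB. The following is an added example, not code from the SKOUT advisory or from the joint advisory, of a host-based firewall policy on a Windows server that only permits inbound SMB from a designated management subnet. The subnet 10.10.50.0/27, the rule names, and the rule group label are assumptions for illustration and must be adapted to your environment.

```powershell
# Added example (not from the original advisory): restrict inbound SMB (TCP 445)
# on a Windows server so that only a small set of administrative hosts can reach
# its file and administrative shares. Valid but stolen credentials are then not
# enough to encrypt shares from an arbitrary workstation, because the connection
# is rejected before authentication is attempted.
#
# Assumptions (hypothetical values, adjust for your environment):
#   * 10.10.50.0/27 is the dedicated management subnet for admin jump hosts.
#   * The server does not need to serve SMB to end-user VLANs.
# Run in an elevated PowerShell session on the server, or deploy the same
# settings through Group Policy.

$AdminHosts = @('10.10.50.0/27')        # hypothetical management subnet
$RuleGroup  = 'Ransomware Hardening'     # arbitrary label to group our rules
$RuleName   = 'SMB-In from admin hosts only'

# 1. Make sure unsolicited inbound traffic is dropped by default on every profile.
#    Block is the Windows default, but this makes the policy explicit.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable the built-in allow rule for SMB. In Windows Firewall a Block rule
#    always wins over an Allow rule, so we cannot simply add a broad Block and a
#    narrow Allow; instead we remove the broad Allow and keep the default deny.
Get-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Add a narrowly scoped Allow rule for SMB from the admin subnet only.
#    Remove an older copy first so the script is safe to re-run.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Group $RuleGroup `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $AdminHosts -Action Allow -Profile Domain, Private -Enabled True

# 4. Verify: the only enabled inbound rule for port 445 should be ours, and its
#    remote address filter should list just the admin subnet.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -eq 445 } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [PSCustomObject]@{
            Rule          = $_.DisplayName
            Action        = $_.Action
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize

# From a host outside the admin subnet, the change can be confirmed with:
#   Test-NetConnection -ComputerName <server> -Port 445
# which should now report TcpTestSucceeded : False.
```

Apply the same idea to the administrative shares (ADMIN$, C$) on workstations and servers, and audit which accounts still hold local administrator rights on them; the advisory's recommendation to limit SMB access is about reducing the number of hosts from which a single compromised credential can reach encryptable data.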

You can also leverage SKOUT Endpoint Protection and Network Security Monitoring, which will block associated hash values and offer custom detection mechanisms for this threat.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.