Haron and BlackMatter - two new ransomware-as-a-service (RaaS) programs - have emerged this month, with one group claiming to be a successor to DarkSide and REvil, the two infamous ransomware groups that have gone incognito following major attacks on Colonial Pipeline and Kaseya over the past few months.
Writing on their darknet public blog, those responsible for the new BlackMatter group said: "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit."
However, they did promise to not strike organisations in several industries, including healthcare, critical infrastructure, oil and gas, defense, non-profit, and government sectors. They're all heart, clearly!
It’s been reported that the BlackMatter threat actor registered an account on Russian-language forums XSS and Exploit on July 19, quickly following it up with a post hinting that they are looking to attack companies with revenues of over $100 million a year, with potentially large-scale ransomware operations.
Flashpoint, the globally-trusted leader in risk intelligence, said: "The actor (BlackMatter) deposited 4BTC (approximately $150,000 USD) into their escrow account. Large deposits on the forum indicate the seriousness of the threat actor.
"BlackMatter does not openly state that they are a ransomware collective operator, which technically doesn't break the rules of the forums, though the language of their post, as well as their goals clearly indicate that they are a ransomware collective operator."
On July 27, the group is believed to have begun recruiting partners and affiliates using Exploit forum's Jabber server to spread their recruitment drive, in which they claim to be looking for experienced penetration testers knowledgeable in Windows and Linux systems as well as initial access suppliers.
BlackMatter is not the only newcomer to worry about. Haron is the latest group to emerge on the cybercrime scene, making its debut appearance this month. It is said to borrow heavily from past ransomware giants such as Thanos and the now-defunct Avaddon.
Reporting Cyber Crime
The East Midlands Cyber Resilience Centre provides advice and guidance to protect businesses and prevent them from falling victim to cyber crime. However, if you have become a victim of cyber crime, you need to know what to do next. We have all the information you need on how to report it.
Read more here: Reporting Cybercrime | EMCRC