Infamous DarkSide ransomware reborn as new cyber threat: reports

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


A new cyber gang is in town – and tapping into the best features of ransomware used in the Colonial Pipeline attack.

That new gang, BlackMatter, is upfront about its origins, stating that it has “incorporated” the “best features” of DarkSide and two other kinds of ransomware, REvil and Lockbit, according to a statement from the BlackMatter group as noted by cybersecurity company Recorded Future.

DarkSide was identified by the U.S. government as the ransomware responsible for the Colonial Pipeline attack, which resulted in the shutdown of a major pipeline supplying fuel to the U.S. East Coast.

A man leaves a Murrphy Oil gas station as pumps are seen out of gas, Tuesday, May 11, 2021, in Kennesaw, Ga. after Colonial Pipeline halted operations because of a cyberattack. (AP Photo/Mike Stewart) 

After the attack, DarkSide posted a statement saying it was ending operations.  

CHINESE CYBERATTACKS CAN MAKE FINANCIAL INSTITUTIONS, CRITICAL INFRASTRUCTURE ‘VULNERABLE’: REP. RO KHANNA

Enter BlackMatter, which is now active on cybercrime forums.

“They’re not advertising their ransomware, however; they are recruiting affiliates…who have access to hacked enterprise networks,” according to Malwarebytes. The BlackMatter ads state that it’s seeking hacked access to corporate networks in Australia, Canada, the UK and the U.S.

Other requirements for corporations they target include revenue of at least $100 million and 500-15,000 hosts in the network, Recorded Future said.

Like other successful ransomware operations, BlackMatter is run as a business, dubbed Ransomware-as-a-service or RaaS, a knockoff of legitimate business models such as SaaS or software-as-a-service.

CYBERCRIMINALS UP THEIR GAME AS ‘CRACKING’ DRIVES BIG RISE IN HACKING TOOL DOWNLOADS

Cybersecurity news site Bleeping Computer reported attacks are happening already.

On their own site, BlackMatter says it won’t target certain industries including hospitals, critical infrastructure, the defense industry and the government sector, according to Malwarebytes.

That’s similar to past statements from DarkSide.

“Our goal is to make…

Source…