
Report sheds light on BlackMatter, BlackCat ransomware link

A Cisco Talos report showed that the BlackCat ransomware gang, also known as ALPHV, and the BlackMatter ransomware operation had significant similarities in tactics, techniques, and procedures (TTPs), The Hacker News reports. While a BlackCat representative denied that the group was a mere BlackMatter rebrand, it was revealed that the gang was composed of affiliates linked to other ransomware-as-a-service (RaaS) groups. "BlackCat seems to be a case of vertical business expansion. In essence, it's a way to control the upstream supply chain by making a service that is key to their business (the RaaS operator) better suited for their needs and adding another source of revenue," wrote Cisco Talos researchers Caitlin Huey and Tiago Pereira. Researchers noted that the similar command-and-control address used in a BlackCat attack in December and a BlackMatter attack in September suggests that BlackMatter may be one of the first groups leveraging BlackCat. "As we have seen several times before, RaaS services come and go. Their affiliates, however, are likely to simply move on to a new service. And with them, many of the TTPs are likely to persist," researchers said.
