Ransomware, Threat Management

CISA, FBI, and NSA issue advisory on BlackMatter ransomware

Share
Fuel holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021, in Woodbridge, N.J. (Photo by Michael M. Santiago/Getty Images)
Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021, in Woodbridge, N.J. The Dark Side ransomware group responsible for the cyberattack on Colonial Pipeline, rebranded as BlackMatter. (Photo by Michael M. Santiago/Getty Images)

CISA, the FBI and NSA issued a warning to U.S. critical infrastructure Monday about BlackMatter, following attacks on agricultural firms NEW Cooperative and Crystal Valley.

BlackMatter, a rebranding of the group behind Dark Side ransomware, operates as ransomware as a service, where affiliates pay BlackMatter a commission to use the ransomware. Beyond infections at NEW Cooperative and Crystal Valley, it has also appeared at Idaho marketer Marketron and Japanese camera maker Olympus.

“The threat of ransomware goes beyond specific impacts to a victim company — it has risen to a national security issue,” Rob Joyce, director of cybersecurity at NSA, said in a statement.

The group has been active since July. Dark Side operated until international attention from its use in the Colonial Pipeline ransom garnered overwhelming international attention.

Information to detect, remediate and repel BlackMatter have been previously documented, but are included in the advisory, as well as common tips to avoid ransomware.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Related Events

Related Terms

BackdoorBotnetCorruptionDNS SpoofingDeepfakeDenial of ServiceDictionary AttackDisruptionDistributed ScansDrive-by Download

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.