The hackers behind the BlackMatter ransomware have announced that they are terminating their activity, citing pressure from local authorities.
The group announced it was “shutting down” on November 1, 2021, in the backend of its darknet site, the part normally used by the operators’ affiliates.
Representatives of the group did not explain what kind of pressure they meant, but the statement was published after a number of major events that have occurred in recent weeks.
First, Microsoft and Gemini Advisory recently linked the FIN7 criminal group (believed to be the developer of the DarkSide and BlackMatter malware) with the fake information security company Bastion Secure, which was looking for and hiring researchers.
Second, last week it was revealed that Emsisoft had quietly created a decryptor for BlackMatter and provided it to victims so that they would not have to pay ransoms, which considerably reduced the hackers’ profits.
Third, the New York Times reported over the weekend that Russia and the United States have begun closer cooperation to combat Russia-based cybercriminals and ransomware groups. Recall that FIN7 is a Russian-speaking group that is believed to operate from Russia.
Fourth, the REvil ransomware recently shut down (for the second time this year), a shutdown that media reports have attributed to action by law enforcement agencies.
Fifth, the shutdown may be connected with a large-scale law enforcement operation in which 12 people believed to be responsible for some 1,800 ransomware attacks were recently detained.
It is also worth remembering that this is not the first time such a group has stopped its activities. BlackMatter itself is considered the “successor” of the DarkSide malware, which ceased operations in May of this year after the scandalous attack on Colonial Pipeline drew far too much attention from the authorities to the hackers.
On Twitter, Jeff Moss, founder of the well-known information security conferences Black Hat and DEF CON, notes that ransomware is half a political issue: law enforcement agencies usually know the identities of most of the malware operators, but they cannot pursue these groups because of Russia’s unwillingness to cooperate.
Judging by BlackMatter’s statement, it can be assumed that the situation has changed, although many cybersecurity experts already predict that the group will “rebrand” and return before long.