Technical Details Overview First seen in July 2021, BlackMatter is ransomware-as-a-service (Raas) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based…
Category: Malware
Student and personnel files from Manhasset Union Free School District appear on the dark web (UPDATED)
On October 7, the Manhasset Union Free School District revealed that it may have been the victim of a ransomware attack. There can no longer be any doubt that they were attacked. Over the weekend, Vice Society threat actors dumped the district’s data on their dark web leak site. Inspection of some of the files…
Sinclair TV network crippled by potential ransomware attack
Sergiu Gatlan reports: TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer a ransomware attack caused the downtime. Sinclair Broadcast Group is a Fortune 500 media company (with annual revenues of $5.9 billion in 2020) and a leading local sports and…
REvil ransomware shuts down again after Tor sites were hijacked
Lawrence Abrams reports: The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog. The Tor sites went offline earlier today, with a threat actor affiliated with the REvil operation posting to the XSS hacking forum that someone hijacked the gang’s domains. Read…
Twitter suspends two accounts used by DPRK hackers to catfish security researchers
Catalin Cimpanu reports: Twitter has suspended today two accounts operated by North Korean government hackers and used as part of a clever plot to attract security researchers to malicious sites and infect their systems with malware. The accounts —@lagal1990 and @shiftrows13— are part of a long-lived DPRK cyber-espionage campaign that began last year and specifically targets members…
US Treasury said it tied $5.2 billion in BTC transactions to ransomware payments
Catalin Cimpanu reports: The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments. FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the last…