The current state of cybercrime and how attack targets are chosen, as described by ransomware developers



In recent years, ransomware attacks on companies and government agencies have become more frequent, and in May 2021 a series of companies closely tied to people's daily lives, including 'Colonial Pipeline', the largest oil pipeline operating company in the United States, and 'JBS', the world's largest meat processing company, were hit by ransomware attacks. In July 2021, the cybercrime group 'BlackMatter', which claims to have developed a powerful ransomware by combining the functions of the ransomware used in these attacks, appeared on a crime forum. The Record, a news outlet covering cyberattacks, interviewed BlackMatter and published the interview.

BlackMatter ransomware targets companies with revenue of $100 million and more --The Record by Recorded Future
https://therecord.media/blackmatter-ransomware-targets-companies-with-revenues-of-100-million-and-more/

An interview with BlackMatter: A new ransomware group that's learning from the mistakes of DarkSide and REvil --The Record by Recorded Future
https://therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/

BlackMatter, which appeared on a cybercrime forum in July 2021, declared in its forum posts that it is targeting companies that make more than $100 million a year. However, according to The Record, no BlackMatter attacks had been confirmed at the time the article was written. The Record asked, 'No cyberattacks by BlackMatter have been identified since the introduction of BlackMatter. When did you start developing your new ransomware?' BlackMatter answered, 'Ransomware development began six months ago. We're already negotiating ransom with multiple companies. We won't publish an attack unless the negotiations fail.'



According to BlackMatter, the newly developed ransomware draws mainly on three types of ransomware: 'LockBit', 'REvil', and 'Darkside'. BlackMatter explained the features and points of reference for each: 'LockBit has good code, but it doesn't really work very well. It's like a Japanese car with a good engine but poor interior. We have a LockBit code implementation approach.' 'REvil is a proven ransomware overall. We have developed a PowerShell version of ransomware with reference to REvil.' 'Darkside has a good code base and interesting web parts. The encryption function of Darkside was very helpful.'

Of the above three types of ransomware, the criminal group that was developing Darkside declared that it was shutting down a few days after attacking Colonial Pipeline, saying that 'someone had transferred the crypto assets they owned to an unknown account.' Furthermore, on July 13, 2021, the website of the criminal group that was developing REvil, the ransomware that attacked JBS, was suddenly shut down. The closure of the website is believed to have been influenced by factors such as President Biden of the United States giving countermeasures against ransomware attacks the same priority as countermeasures against terrorism, and President Biden presenting Russian President Vladimir Putin with 'cyber attack prohibited areas'.

The United States raises the priority of responding to ransomware attacks to the same level as terrorism --GIGAZINE



In light of the above situation, The Record asked, 'Recently, the major cybercriminal groups that developed Darkside and REvil have disappeared from the industry. This series of movements has changed the response to cyber attacks by the United States and Russia. Many experts have pointed out that it is influential. Is this true, and do you think BlackMatter will follow the same fate?' In response, BlackMatter said, 'We believe that the withdrawal of major cybercriminal groups is related to their targets and the geopolitical situation of the world. We select our targets carefully and do not attack important infrastructure facilities, medical institutions, or government agencies. Therefore, we believe that we can avoid the attention of the government.' In response to the question, 'What do you think about the attacks carried out against Colonial Pipeline and JBS? Does it make sense to attack such a large network?', BlackMatter said, 'I think the attack was a key factor in the withdrawal of Darkside and REvil. We are banning such attacks,' emphasizing BlackMatter's careful selection of targets.

In fact, the site managed by BlackMatter states that it will not attack 'infrastructure facilities such as power plants and water bureaus,' 'oil and gas pipelines and refineries,' 'defense equipment,' 'non-profit organizations,' and 'government agencies.' When asked about the criteria for finally deciding the attack target based on these conditions, BlackMatter said, 'We comprehensively judge whether attacking that target will have an adverse effect on us, and then decide on the attack target.'



Finally, when asked, 'Tell us your secrets,' BlackMatter answered, 'We have no secrets. We believe in our country, love our families, and make money for our children.'

The location of BlackMatter has not been disclosed, but the interview was conducted in Russian.

in Software, Security, Posted by log1o_hf