Cybersecurity Threat Advisory: BlackMatter Ransomware

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) released a joint advisory about the BlackMatter ransomware gang. This group has been gaining traction with its attacks since the end of July and claims to be the successor of the Darkside and REvil ransomware groups.

What Is the Threat?

The BlackMatter ransomware gang has been setting up a network of affiliates by recruiting cyberattackers with access to networks of large enterprises in an attempt to infect them with its ransomware. Peculiarly, they will not target healthcare organizations, critical infrastructure, organizations in the defense industry, and non-profit companies.

Why Is it Noteworthy?

This is especially noteworthy because a ransomware attack can cause an organization to lose a large amount of money and data if not handled properly. More and more cyberattackers are looking to utilize ransomware as a way to make money. Further, the fact that BlackMatter seems to be targeting large corporations should be alarming to both customers and employees of such organizations.

What Is the Risk?

Ransomware is an extremely difficult threat to deal with, as it encrypts all of an organization’s data and may cripple its business. Such attacks can cause organizations to lose significant amounts of money, through lost business and/or ransom payments. To keep their data safe, organizations should be wary of cyberattackers attempting to access their networks and systems.

What Are the Recommendations?

MCP recommends the following actions to keep your organization protected against ransomware attacks:

• Ensure that your organization has cloud and offsite backups in place, which will make data recovery faster and easier
• Utilize strong passwords and enable multifactor authentication within your organization’s networks and systems
• Keep your networks and systems patched and updated to guard against the latest vulnerabilities
• Implement network segmentation
• Utilize the United States Computer Emergency Readiness Team (US-CERT) advisory to implement other recommendations to protect your organization’s networks, systems, and data

References

For more in-depth information about the recommendations, please visit the following links:

• https://thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html
• https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
• https://osint.fans/bulletproftlink-phishing-service-p1

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety and justice entities and other critical infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.