The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group.

The government’s Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, following a series of BlackMatter ransomware attacks since July 2021 targeting US critical infrastructure, including two American organisations working in the food and agriculture sector.

The BlackMatter ransomware, which came to prominence earlier this year following the demise of the notorious REvil and DarkSide ransomware gangs, is a ransomware-as-a-service (RaaS) operation that provides other cybercriminals with the technology needed to exfiltrate information from corporations, encrypt their data, and demand a costly ransom.

[Image: BlackMatter ransom demand]

Effectively this means that the BlackMatter ransomware is not just in the hands of sophisticated cybercriminals, but also less-technical groups and individuals who may not normally have the skillset to pull off such an attack.

As the alert explains, BlackMatter uses previously compromised usernames and passwords to spread across victim networks, remotely encrypting computers and shared drives as they are found, before ultimately demanding that a ransom be paid in cryptocurrency.
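The spread described above leaves a characteristic trace: one set of credentials authenticating over the network to many hosts in a short period. The following is an added example, not code from the article or from the CISA alert, of a small detection that flags that pattern. It runs over constructed records modelled loosely on Windows Security event 4624 (successful logon) with logon type 3 (network); the field layout, host names, account names, the 10-minute window and the threshold of four hosts are all assumptions chosen for illustration.

```python
"""Flag accounts whose network logons fan out to unusually many hosts.

Added example, not from the CISA alert or the article. Input records are
constructed for illustration; real deployments would read event 4624 from
a SIEM or the Security log rather than from a list literal.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, target host, account, logon type).
# Made up for the example; none of these names refer to a real environment.
SAMPLE_EVENTS = [
    ("2021-09-12T02:01:10", "FS01",    "CORP\\svc-backup", 3),
    ("2021-09-12T02:01:44", "FS02",    "CORP\\svc-backup", 3),
    ("2021-09-12T02:02:30", "HR-WS7",  "CORP\\svc-backup", 3),
    ("2021-09-12T02:03:05", "DC01",    "CORP\\svc-backup", 3),
    ("2021-09-12T02:03:50", "ENG-WS3", "CORP\\svc-backup", 3),
    ("2021-09-12T02:04:12", "FS03",    "CORP\\svc-backup", 3),
    ("2021-09-12T02:05:00", "FS01",    "CORP\\alice",      3),
    ("2021-09-12T02:06:00", "FS02",    "CORP\\alice",      3),
    ("2021-09-12T08:15:00", "HR-WS7",  "CORP\\bob",        2),  # interactive logon, not counted
    ("2021-09-12T09:00:00", "FS01",    "CORP\\svc-backup", 3),  # hours later, outside any window
]


def parse(record):
    """Turn one constructed record into (datetime, host, account, logon_type)."""
    ts, host, account, logon_type = record
    return datetime.fromisoformat(ts), host, account, logon_type


def find_fanout(events, window=timedelta(minutes=10), max_hosts=4):
    """Return {account: sorted list of hosts} for every account whose network
    logons (type 3) reached more than `max_hosts` distinct hosts within any
    single `window`. Uses a sliding window over each account's logons sorted
    by time, so a slow trickle of legitimate logons is not flagged."""
    per_account = defaultdict(list)
    for rec in events:
        ts, host, account, logon_type = parse(rec)
        if logon_type != 3:          # only remote (network) logons matter here
            continue
        per_account[account].append((ts, host))

    flagged = {}
    for account, logons in per_account.items():
        logons.sort()                # chronological order for the sliding window
        start = 0
        for end in range(len(logons)):
            # Advance the window start until it spans at most `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {h for _, h in logons[start:end + 1]}
            if len(hosts) > max_hosts:
                flagged[account] = sorted(hosts)
                break                # one hit per account is enough to report
    return flagged


if __name__ == "__main__":
    for account, hosts in find_fanout(SAMPLE_EVENTS).items():
        print(f"{account}: network logons to {len(hosts)} hosts within 10 min: "
              + ", ".join(hosts))
```

On the sample data only the service account is reported, because it reaches five distinct hosts in under three minutes while the ordinary user touches two. In practice the threshold should be tuned per account class: backup and management accounts legitimately touch many hosts, so a baseline of their normal fan-out, or an allow-list of expected source hosts, keeps the alert useful.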

[Image: BlackMatter ransom README file]

Law enforcement agencies, according to the CISA alert, are advising that all organisations take steps to harden their defences and reduce the chance of a successful infection by the BlackMatter ransomware:

“Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks.”

Amongst the detailed advice included in the alert on how to protect against the BlackMatter ransomware and mitigate the threat are the following suggestions: