BlackMatter ransomware says it's shutting down due to pressure from local authorities

[Image: BlackMatter shutdown message]

The criminal group behind the BlackMatter ransomware announced plans today to shut down its operation, citing pressure from local authorities.

The group announced its plan in a message posted in the backend of its Ransomware-as-a-Service portal, where other criminal groups typically register in order to get access to the BlackMatter ransomware strain.

The message, obtained by a member of the vx-underground infosec group, is pictured above and translated below:

Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) – the project is closed. After 48 hours, the entire infrastructure will be turned off, it is allowed to:

-Issue mail to companies for further communication.
-Get decryptors, for this write “give a decryptor” inside the company chat where they are needed.

We wish you all success, we were glad to work. 

The news of the shutdown comes after two major events that have taken place over the past two weeks.

The first was a report from Microsoft and Gemini Advisory that linked the FIN7 cybercrime group, considered the creators of the Darkside and BlackMatter strains, to a public cybersecurity firm named Bastion Secure, through which they allegedly recruited unwitting collaborators.

The second was a report from the New York Times this Sunday that announced that the US and Russia had started a closer collaboration aimed at cracking down on Russia-based cybercrime and ransomware gangs, among others. The FIN7 group has been historically believed to be based in Russia.

The move also comes after the operators and members of multiple ransomware operations have been hunted and arrested all over the world. For example, the REvil ransomware service also shut down for a second time in October, after law enforcement backdoored and hijacked their dark web servers, and Europol detained a Ukrainian group who orchestrated the ransomware attack on aluminum producer Norsk Hydro.

The post BlackMatter ransomware says it's shutting down due to pressure from local authorities appeared first on The Record by Recorded Future.