Security News > 2021 > July > New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums

New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
2021-07-29 07:51

Two new ransomware-as-service programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months.

"The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the operators behind the new BlackMatter group said in their darknet public blog, making promises to not strike organizations in several industries, including healthcare, critical infrastructure, oil and gas, defense, non-profit, and government sectors.

According to Flashpoint, the BlackMatter threat actor registered an account on Russian-language forums XSS and Exploit on July 19, quickly following it up with a post stating they are looking to purchase access to infected corporate networks comprising anywhere between 500 and 15,000 hosts in the U.S., Canada, Australia, and the U.K. and with revenues of over $100 million a year, potentially hinting at a large-scale ransomware operation.

"BlackMatter does not openly state that they are a ransomware collective operator, which technically doesn't break the rules of the forums, though the language of their post, as well as their goals clearly indicate that they are a ransomware collective operator."

Last month, enterprise security firm Proofpoint disclosed how ransomware gangs are increasingly buying access from independent cybercriminal groups who infiltrate major targets and then supply them with an entry point to deploy data theft and encryption operations in exchange for a slice of the ill-gotten gains.

The emergence of BlackMatter coincides with the demise of DarkSide and REvil in the wake of highly publicized ransomware incidents of Colonial Pipeline, JBS, and Kaseya, raising speculations that the groups may eventually rebrand and resurface under a new identity.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/94ZIBwf3J0I/new-ransomware-gangs-haron-and.html