Security News > 2021 > July > DarkSide ransomware gang returns as new BlackMatter operation
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.
This week, a new ransomware operation known as BlackMatter emerged that is actively attacking victims and purchasing network access from other threat actors to launch new attacks.
While researching the new ransomware group, BleepingComputer found a decryptor from a BlackMatter victim and shared it with Emisosft CTO and ransomware expert Fabian Wosar.
After analyzing the decryptor, Wosar confirmed that the new BlackMatter group is using the same unique encryption methods that DarkSide had used in their attacks.
When we take the same encryption algorithms, the similar language used on the BlackMatter sites, similar craving of media attention, and similar color themes for their TOR sites, it is highly like that BlackMatter is the new DarkSide.
A rebrand from DarkSide also explains the reason the new BlackMatter group won't target the "Oil and Gas industry," which led to their previous downfall.