Feds Warn BlackMatter Ransomware Gang is Poised to Strike
2021-10-19 13:21

The advisory urges businesses to bolster defenses tied to user credentials and implement strong passwords and multi-factor authentication to better thwart an anticipated uptick in BlackMatter criminal activity.

"Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol and Server Message Block protocol to access the Active Directory to discover all hosts on the network," according to the advisory.

Because BlackMatter relies on stolen credentials to breach networks, some of the primary mitigations against its attacks concern how organizations handle user authentication, and are therefore practical fixes.

Using the detection signatures provided to identify BlackMatter activity on a network can also block placement of the group's ransom note on the first share that is encrypted, "subsequently blocking additional SMB traffic from the encryptor system for 24 hours," the agencies recommended.

BlackMatter already has picked up where DarkSide left off when it closed down shop in May, with significant attacks against multiple U.S. critical infrastructure organizations, including two U.S. Food and Agriculture Sector cooperatives, according to the feds.

Researchers used a sample of BlackMatter ransomware and analyzed it in a sandbox environment to glean insight into how the group infiltrates targeted networks, according to the advisory.


News URL

https://threatpost.com/feds-warn-blackmatter-ransomware-gang-is-poised-to-strike/175567/