The criminal group behind the BlackMatter ransomware announced today that it plans to close its business, citing pressure from local authorities.

The organization announced its plan in a message posted on the backend of its “ransomware-as-a-service” portal, where other criminal groups usually register to obtain the right to use the BlackMatter ransomware.
The message was obtained by a member of the vx-underground information security team. In it, the criminal group behind the BlackMatter ransomware stated that the project was being closed due to certain unsolvable circumstances and pressure from the authorities, and that the entire infrastructure would be shut down after 48 hours.
Although the organization did not elaborate, three major incidents have occurred in the past two weeks. The first is a report from Microsoft and Gemini Advisory that linked FIN7, the cybercrime group behind Darkside and BlackMatter, with a public-facing cybersecurity company called Bastion Secure, through which the group allegedly recruited unwitting collaborators.
The second is that the security company Emsisoft had secretly developed a decryption tool for the BlackMatter ransomware. The company had been quietly providing the tool to victims so that they could avoid paying the group’s ransom demands, cutting into its profits. The third is a report in the New York Times this Sunday announcing that the United States and Russia have begun closer cooperation to combat Russia-based cybercrime and ransomware groups. This matters because FIN7 has traditionally been considered to operate from within Russia.
FIN7’s statement also comes after the operators and members of multiple ransomware operations were hunted down and arrested around the world this summer. For example, in the group’s previous Darkside ransomware operation, FIN7’s servers were hacked and its cryptocurrency funds were stolen. Even as ransomware gangs face tremendous pressure, this year’s attacks have reached the highest level in history, and some have caused major problems around the world. Examples include the Darkside ransomware attack on Colonial Pipeline (causing fuel supply problems on the East Coast of the United States), the REvil attack on JBS Foods Inc. (disrupting the meat supply throughout the United States), and the REvil attack on Kaseya (disrupting thousands of companies worldwide).
As Jeff Moss, the founder of the Black Hat and DEF CON security conferences, said on Twitter earlier today, law enforcement agencies usually know the identities of most ransomware operators, but they also know that, because of Russia’s non-cooperation, they cannot act on that knowledge. For some groups, this situation seems to be changing.