Security researchers outsmart BlackMatter ransomware by discovering a flaw within its payloads

November 12, 2021
BlackMatter, Ransomware, Flaw, Threat Group, Cybercrime, DarkSide, Colonial Pipeline

Cybersecurity researchers discovered a flaw in the BlackMatter ransomware threat actors’ code that cost the group millions in profit. The flaw enables the recovery of encrypted data without paying the ransom demanded by the threat actors.

BlackMatter has been part of the cybercrime ecosystem for longer than its current re-emergence suggests, having temporarily left the scene before returning. Analysts believe that the DarkSide ransomware is a rebranded version of BlackMatter. The DarkSide group is also the one identified as the mastermind behind the Colonial Pipeline attack earlier this year.

DarkSide’s cryptocurrency wallet was seized, and the group lost control of its critical infrastructure. The American government sought to press appropriate charges against the responsible threat group, after which the group disappeared once again.

Despite being under scrutiny from the American government, DarkSide has reappeared under its former name, BlackMatter. The threat group has since carried out a series of ransomware attacks against North American firms.

In underground forums, BlackMatter claimed that it would not attack the health sector or state institutions, a claim proven false after the threat group targeted agricultural organisations and blood testing facilities. Security analysts stressed that these were empty claims, since BlackMatter specifically targeted the sectors it said it would avoid. They are also puzzled as to why the threat group would go after these sectors, given the attention the Colonial Pipeline attack drew.

By the end of 2020, security researchers had found a flaw in DarkSide’s operations that allowed data encrypted by the Windows version of the ransomware to be decrypted. The discovery gave victims a way to recover their data without paying the ransom. Unfortunately, the threat group fixed this flaw by January 2021.

When the BlackMatter ransomware group reappeared, security researchers rediscovered the flaw, which again allowed victims to decrypt their data without paying the ransom demanded by the threat actors.

After rediscovering the flaw, security researchers provided decryption keys to BlackMatter’s victims before they paid the ransom, allowing them to recover their data. The move prevented the ransomware group from acquiring millions in illegal profits.

BlackMatter eventually spotted the loophole and closed it before losing more money.

According to security researchers, threat groups will inevitably discover the countermeasures that authorities take against them. Even so, teaming up and helping as many victims as possible remains one way to mitigate cybercrime.
