Protect Against BlackMatter Ransomware Before It’s Offered

August 4, 2021 • Insikt Group®

Editor’s Note: The following post is an excerpt of a full report. The entire analysis is available in the full report, published as a PDF.

Insikt Group reverse-engineered the Linux and Windows variants of BlackMatter ransomware and provided a high-level overview of the functionality in addition to IOCs, utilities, and detections. The intended audience of this research is threat intelligence professionals and those interested in a technical overview of the new ransomware variant.

Executive Summary

Insikt Group analyzed Windows and Linux variants of BlackMatter ransomware, a new ransomware-as-a-service (RaaS) affiliate program founded in July 2021. During our technical analysis, we found that both variants accomplish similar goals of encrypting a victim’s files and appear to have been developed by a relatively sophisticated group. The Windows version of the ransomware employs several obfuscation and anti-reverse engineering techniques, suggesting that it was created by an experienced ransomware developer. BlackMatter’s Linux variant is another example of an emerging trend of malware targeting Linux-based systems, including ESXi and network-attached storage (NAS) devices. Recorded Future has provided reverse-engineering utilities, a YARA rule, and IOCs that organizations can use to hunt or detect the ransomware.
