With its partners in the FBI and NSA, the US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released a joint Cybersecurity Advisory that outlined the threat posed by BlackMatter, a criminal ransomware-as-a-service operation that may represent a rebranding of DarkSide. BlackMatter emerged in July of this year; DarkSide appeared in Russophone criminal circles in August or September of last year and was active through May of 2021. DarkSide is best known for the attack on Colonial Pipeline, which disrupted fuel deliveries in much of the Eastern US this past May. Like DarkSide, BlackMatter has hit critical infrastructure, notably at least two targets in the Food and Agriculture Sector. CISA and its partners recommend a series of protective measures against attack and advise organizations to prepare for response and recovery. They strongly discourage victims from paying ransom.
CISA's caution against paying ransom may be familiar, but it isn't idle. A survey released this morning by CISOs Connect, Aimpoint Group, and W2 Research suggests that 80% of CISOs would at least consider paying ransom should they be attacked.
Digital Shadows joins other security firms in commenting on the reappearance and subsequent disappearance, again, of REvil. They note that the gang's successive versions appear to have grown less profitable. Why, then, the reboots? Apparently REvil thinks it retains some brand equity in the criminal-to-criminal markets.
The Sinclair Broadcast Group discovered a possible incident Saturday, identified it as a cyberattack Sunday, and issued a public statement Monday, which the Wall Street Journal calls quick disclosure.