BlackMatter
High Confidence | High Threat | DarkSide
BlackMatter is a ransomware-as-a-service (RaaS) affiliate program that emerged in July 2021, believed to be a rebrand of the DarkSide ransomware group. The group incorporated what they claimed to be the 'best features' of DarkSide, REvil, and LockBit. BlackMatter primarily targeted large, high-revenue corporations in the U.S. and Europe with annual revenues over $100 million, demanding ransoms ranging from $80,000 to $15 million in Bitcoin and Monero. The group was known for its double-extortion tactics, which involved both encrypting and exfiltrating victim data. BlackMatter utilized previously compromised credentials for initial access and employed a variety of defense evasion techniques to remain undetected. The group ceased operations in November 2021, citing pressure from law enforcement.
Target Sectors
Target Regions
Attributed to Criminal Organization (Russia). Attribution confidence: High.
Future Outlook
BlackMatter is expected to continue operations targeting Critical Infrastructure.
First observed activity
Last known activity