Ransomware BlackMatter

After the successful attacks by the Darkside ransomware on the Colonial Pipeline and by the REvil Sodinokibi ransomware on Kaseya, both operations shut down. This opened a gap for new ransomware families to appear, seeking a leading role in attacks and in so-called Ransomware-as-a-Service (RaaS), which is the outsourcing of attacks.

From this gap some ransomware emerged and entered the “dispute”, such as BlackMatter ransomware, Lockbit 2.0 ransomware, and others.

There is a lot to say about these new ransomware families, which aim to carry on the legacy of successful attacks left by the Darkside and REvil Sodinokibi ransomware.

Let’s take a closer look at the BlackMatter ransomware.

In late July, BlackMatter appeared on a Russian forum, claiming to be ransomware that contains the best parts of the Darkside and REvil Sodinokibi ransomware. Unlike its predecessors, it does not exclude any countries from attack (Russia, for example). It also does not encrypt all files on the computer, but only a part; this reduces the encryption time so that countermeasures do not have time to activate.

The only restrictions on targets are:

  • Hospitals
  • Critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities).
  • Oil and gas industry (pipelines, oil refineries)
  • Defense industry
  • Non-profit companies
  • Government sector

These restrictions have been disclosed by the BlackMatter developers themselves. They were put in place to avoid repeating the mistakes made by Darkside and REvil Sodinokibi, mistakes that led to the closure of their services. These sectors attract a lot of attention from government authorities, especially the United States government. If your company is not part of these sectors, you are a target for them.

With all this “power” of BlackMatter, you may be wondering what countermeasures you can take to avoid paying the ransom.

Recovery of files encrypted by BlackMatter ransomware

Digital Recovery has developed a unique technology that can recover ransomware-encrypted files of any length; we call it Tracer.

This type of recovery was impossible until two years ago, so there are still companies that say that recovery of files attacked by ransomware is impossible.

We did not accept this fact and invested heavily in developing an appropriate technology for this, and after much investment and effort we finally succeeded in creating it. It has saved our customers a highly significant amount of money.

All our services follow the guidelines established by the LGPD (General Law of Data Protection), so that the recovery of encrypted data is done in a secure and discreet way. Besides following these guidelines, we also work under a confidentiality agreement (NDA).

See what we can do to recover ransomware files in practice, contact one of our specialists, and start the data recovery process now.
