[TheRecord] Free decrypter announced for past BlackMatter ransomware victims

Antivirus maker and cybersecurity firm Emsisoft announced today the availability of a free decryption utility for past victims of the BlackMatter ransomware.

The utility, known as a decrypter, uses a flaw in the BlackMatter ransomware's encryption scheme to allow the recovery of encrypted files without paying the ransom demand. The decrypter can recover files locked by the BlackMatter gang between mid-July and late-September 2021. The encryption flaw was fixed in recent versions of the BlackMatter code. Past BlackMatter victims can obtain a copy of the decrypter by reaching out to Emsisoft directly.

The utility was announced earlier today in a blog post by Emsisoft CTO Fabian Wosar, who identified the encryption flaw earlier this summer.

Wosar said Emsisoft had been working in the shadows with government agencies and law enforcement agencies to reach out to past BlackMatter victims and distribute the decrypter via private channels, helping them recover files without paying huge ransom fees.

The Emsisoft CTO said they publicly announced the decrypter today as a way to reach past BlackMatter victims they could not identify and contact in the past.

Wosar said they did not reveal the existence of this decrypter earlier in order to avoid prompting the BlackMatter gang to patch its code sooner.

The issue of releasing decrypters too early has been a recent talking point in the cybersecurity community, with some researchers advising their fellows to keep encryption bugs secret and help victims via private channels rather than announce decrypters with a PR fanfare.

Launched at the end of July, BlackMatter is a top-tier ransomware-as-a-service (RaaS) operation that works with a limited number of other criminal groups (called “affiliates”) to launch attacks against high-profile targets. In an ad posted on underground cybercrime forums, the BlackMatter gang said they were only interested in companies with revenues of $100 million or higher. The group is believed to be the de-facto rebrand of Darkside, the ransomware operation that hit Colonial Pipeline earlier this year, causing massive fuel shortages across the US East Coast and triggering an aggressive political response from US authorities.

The post Free decrypter announced for past BlackMatter ransomware victims appeared first on The Record by Recorded Future.
