It has been reported that the BlackMatter ransomware group is shutting down its operations following recent police operations and pressure from law enforcement. Previously, BlackMatter had said of themselves: “The project has incorporated in itself the best features of DarkSide, REvil, and LockBit.”
The group had been behind the attack on Colonial Pipeline in May 2021, as ZDNet has reported. Following this, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. The BlackMatter group commonly posted on Exploit and XSS, two known cybercrime forums on the dark web.
Raising the matter with Digital Journal is Steve Forbes, government cyber security expert at Nominet.
Forbes explains that while the news is welcome, the people behind the ransomware group are unlikely to have gone away. He notes: “Any successful criminal group such as BlackMatter have considerable funds and resources that will enable them to reinvent themselves.”
This is partly connected to the nature of crime, as Forbes points out: “If the criminals feel that part of their operation is compromised or that law enforcement are closing in then they will naturally want to distance themselves from their existing activities and infrastructure as quickly as possible, but given the lucrative activity of ransomware as a service (RaaS) we are likely to see them reappear in the near future.”
Of course, other factors may be at play, Forbes advises: “This could of course be a deliberate ploy if they feel that their communications with affiliates are being monitored, perhaps to divert the attention of law enforcement to other ransomware gangs.”
Trying to get inside the head of the criminals, Forbes speculates: “For these criminal organisations they are always going to be weighing up the risk and reward, much like any criminal activity, but given that the rewards of successful ransomware attacks are so big it is unlikely that this is the last we will see of this group.”
Forbes concludes by cautioning: “Despite some recent wins for law enforcement, the battle against ransomware is far from over.”