Researcher Fabian Wosar has identified new evidence that the ransomware group dubbed “BlackMatter” is a rebrand of the “DarkSide” threat actors, who are known for their ransomware attacks.
Fabian has confirmed that the decryptor from a BlackMatter victim shares a lot of similarities with DarkSide and uses the same type of encryption methods that the DarkSide ransomware gang used in the past.
After looking into a leaked BlackMatter decryptor binary I am convinced that we are dealing with a Darkside rebrand here. Crypto routines are an exact copy pretty much for both their RSA and Salsa20 implementation including their usage of a custom matrix.
— Fabian Wosar (@fwosar) July 31, 2021
“Instead of using constant strings, a position, nonce, and key, for each encrypted file, DarkSide fills the words with random data. DarkSide used an RSA-1024 implementation unique to their encryptor, which BlackMatter also uses,” Fabian told the third-party site BleepingComputer.
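To make the “custom matrix” point concrete for analysts, the following added example (not code from the researcher or from either ransomware family) builds the 64-byte initial matrix that the Salsa20 specification defines and checks whether a candidate matrix carries the specification's constant strings on its diagonal. The function names `standard_state` and `classify_state` are hypothetical, and all inputs are constructed.

```python
import os
import struct

# Salsa20 diagonal constants: "expand 32-byte k" (256-bit key) and
# "expand 16-byte k" (128-bit key), each split into four 4-byte words.
SIGMA = b"expand 32-byte k"
TAU = b"expand 16-byte k"
DIAGONAL = (0, 5, 10, 15)  # word positions that hold the constants


def standard_state(key: bytes, nonce: bytes, position: int) -> bytes:
    """Build the 64-byte initial matrix defined by the Salsa20 specification."""
    if len(key) not in (16, 32) or len(nonce) != 8:
        raise ValueError("Salsa20 takes a 16- or 32-byte key and an 8-byte nonce")
    const = SIGMA if len(key) == 32 else TAU
    k_lo, k_hi = key[:16], key[-16:]  # a 16-byte key is used for both halves
    return b"".join([
        const[0:4], k_lo,                                 # words 0-4
        const[4:8], nonce, struct.pack("<Q", position),   # words 5-9
        const[8:12], k_hi,                                # words 10-14
        const[12:16],                                     # word 15
    ])


def classify_state(blob: bytes) -> str:
    """Label a 64-byte candidate matrix recovered during analysis."""
    if len(blob) != 64:
        raise ValueError("a Salsa20 matrix is 16 words of 32 bits (64 bytes)")
    diagonal = b"".join(blob[4 * i:4 * i + 4] for i in DIAGONAL)
    if diagonal == SIGMA:
        return "standard (256-bit key)"
    if diagonal == TAU:
        return "standard (128-bit key)"
    return "non-standard"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real sample.
    spec = standard_state(bytes(range(32)), b"\x00" * 8, 0)
    custom = os.urandom(64)  # all 16 words random, as the quote describes
    print(classify_state(spec), "|", classify_state(custom))
```

A “non-standard” result only says the diagonal constants are absent; on its own it does not attribute a sample to any group.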
It is important to keep an eye on these specific threat actors: as their history of targeted attacks on the oil and gas industry has failed, they may carry out well-organized attacks in the near future.