[MART] - Daily Diary #373 - FBI, CISA and NSA warns about BlackMatter Ransomware

CTAS-MAT ctas-mat at appgate.com
Wed Oct 20 22:07:36 UTC 2021 

Hello,
I hope everyone is doing well!

Below is the entry for today.

10/20/2021 - Diary entry #373

In our Daily Diary #327, we covered that after Colonial Pipeline attack, DarkSide ransomware decided to shut down its operations, and the ransomware operation BlackMatter emerged. It's believed that BlackMatter is created or has recruited affiliates from DarkSide and REvil ransomware operations.

This week FBI, CISA and NSA published a joint advisory, providing details about BlackMatter operations and defense recommendations. The advisory covers the tactics and techniques used by the attackers, highlighting the fact that BlackMatter uses embedded LDAP and SMB credentials to discover hosts and move laterally through the network. BlackMatter operators are also using a separated Linux compiled malware to encrypt ESXi virtual machines. When it comes to backup storage, the threat actors are known to wipe or reformat data stores and backup appliances connected to the network.

In the advisory, the organizations emphasize the value for organizations to apply best practices to protect their networks, like using multi-factor authentication, implement multi-factor authentication, use strong passwords and enforce backup procedures. Those recommendations are all covered in the ZeroTrust mindset, which we highly recommend for companies trying to be safe and minimize any damage caused by ransomware and other cyber-attacks.

Kind Regards,
[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20211020/d0febd0f/attachment.htm>

More information about the MART mailing list