BlackMatter Ransomware is the re-branded version of Darkside Ransomware
. It encrypts user data with Salsa20 + RSA-1024 and demands a ransom ranging from $3 to $4 million in Monero (XMR). This BlackMatter Ransomware was made available on the cyber underground forums on July 21, 2021. A sample of this ransomware was found at the end of July 2021. The BlackMatter gang calls brokers those who can provide them exclusive access to the networks of large companies with income of $100,000,000 per year or more, with 500-15,000 hosts, based in the USA, UK, Canada, Australia. A BlackMatter representative says that they are willing to pay up to $100,000 to eligible brokers for exclusive access to any of the eligible networks.
BlackMatter Ransomware Linux Variant is infecting VMware ESXi servers. A sample
is available for analysis.
BlackMatter Ransomware Sample 1 Signatures
BlackMatter Ransomware Sample 1 Download
BlackMatter Ransomware Sample 2 Signatures
BlackMatter Ransomware Sample 2 Download