BlackMatter Ransomware is the re-branded version of
Darkside Ransomware. It encrypts user data with Salsa20 + RSA-1024 and demands a ransom ranging from $3 to $4 million in Monero (XMR). This BlackMatter Ransomware was made available on the cyber underground forums on July 21, 2021. A sample of this ransomware was found at the end of July 2021. The BlackMatter gang calls brokers those who can provide them exclusive access to the networks of large companies with income of $100,000,000 per year or more, with 500-15,000 hosts, based in the USA, UK, Canada, Australia. A BlackMatter representative says that they are willing to pay up to $100,000 to eligible brokers for exclusive access to any of the eligible networks.
BlackMatter Ransomware Linux Variant is infecting VMware ESXi servers. A
sample is available for analysis.
BlackMatter Ransomware Sample 1 Signatures
Family: Ransom.BlackMatter
MD5: d0512f2063cbd79fb0f770817cc81ab3
SHA256: 7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
BlackMatter Ransomware Sample 1 Download
BlackMatter Ransomware Sample 2 Signatures
Family: Trojan-Ransom.BlackMatter
MD5: 598c53bfef81e489375f09792e487f1a
SHA256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
BlackMatter Ransomware Sample 2 Download
