The FBI, CISA, and NSA have released a joint advisory about the BlackMatter Ransomware gang. This group has been gaining traction with their attacks since July 2021 and claims to be the successor of the Darkside and REvil ransomware groups.
The following best practices presented by the joint advisory will ensure your assets and those of your clients are secure. (Note from the sponsor of this post: Barracuda Managed XDR Endpoint Protection already automatically blocks any associated hash values, and Barracuda Managed XDR Network Security Monitoring offers custom detection mechanisms for this threat, but we also suggest you follow these in the spirit of maximum protection.)
What is the BlackMatter Ransomware gang?
A recent ransomware gang is posing a serious threat to businesses, claiming to be the successor to the infamous DarkSide and REvil ransomware groups. The gang has been setting up a network of affiliates by recruiting threat actors with access to networks of large enterprises in an attempt to infect them with its ransomware. Peculiarly, they will not target healthcare organizations, critical infrastructure, organizations in the defense industry, and non-profit companies.
This is especially noteworthy because ransomware can cause an organization to lose a large amount of money and data if not handled properly. More and more threat actors are looking to utilize ransomware as a way to make money. Furthermore, the fact that BlackMatter seems to be targeting large corporations should be alarming to both customers and employees of that organization.
The BlackMatter Ransomware gang has been setting up a network of affiliates by recruiting threat actors with access to networks of large enterprises in an attempt to infect them with its #ransomware. #CyberSecurity
Ransomware is an extremely difficult threat to deal with, as it encrypts all your data and may cripple your business, causing you to lose money. Organizations should be wary of threat actors attempting to access their network in order to keep their data safe.
What are the recommendations?
Barracuda MSP recommends the following actions to keep your organization protected against ransomware attacks:
- Ensure you have cloud and offsite backups in place to recover your data.
- Utilize strong passwords and enable multifactor authentication within your network.
- Keep your systems patched and updated to guard against the latest vulnerabilities.
- Implement network segmentation
- Utilize the US-CERT advisory to implement other recommendations to protect yourself.
You can also leverage Barracuda Managed XDR Endpoint Protection and Network Security Monitoring, which will block associated hash values and offer custom detection mechanisms for this threat.
For more in-depth information about the recommendations, please visit the following links:
This post was based on a threat advisory issued by our SKOUT Managed XDR team. For more info on how to best prepare your MSP business to protect clients from cyberthreats, visit the Barracuda Managed XDR page.