Health and Public Health Sector Warn of Elevated Risk of BlackMatter Ransomware Attack
The health and public health sector is facing an elevated risk of ransomware attacks by affiliates of the BlackMatter ransomware-as-a-service (RaaS) operation, according to the Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services.
The BlackMatter threat group emerged in July 2021 shortly after the DarkSide ransomware gang shut down its operation and the Sodinokibli/REvil took its infrastructure offline. The Russian speaking threat group is believed to originate in Eastern Europe and has conducted many attacks over the past couple of months in Brazil, Chile, India, Thailand, and the United States. The group also started leaking data stolen in attacks on its data leak site on August 11, 2021.
The threat group has mostly conducted ransomware attacks on companies in the real estate, food and beverage, architecture, IT, financial services, and education sectors, and while the ransomware gang has publicly stated it would not attack hospitals, critical infrastructure companies, nonprofits, government, and defense contractors, there is concern that attacks may still occur.
The threat group said in its sales pitch for affiliates that its ransomware incorporates the best features of the DarkSide, Lockbit 2.0 and Sodinokibi/REvil ransomware variants, and a technical analysis of the ransomware found several similarities between both DarkSide and Sodinokibi/REvil ransomware variants suggesting the gang has links with those operations.