BlackMatter ransomware group may have shut down operations

[Ed. Note: This piece has been updated to include information about BlackCat, which has potential links to BlackMatter.]

The U.S. Department of Health and Human Services’ cybersecurity arm released a bulletin this week with some rare good news: The BlackMatter ransomware-as-a-service program appears to have shut down operations.  

“While [the Health Sector Cybersecurity Coordination Center] previously identified multiple healthcare and public health (HPH) sector or health sector-affiliated organizations impacted by this malware, the group has not claimed a victim since October 31, 2021,” said the HC3 analyst note.  

As such, HC3 reduced the threat level posed by the group from “yellow,” or “elevated,” to “blue,” or “guarded.” 

WHY IT MATTERS  

BlackMatter is a Russian-speaking group with likely origins in Eastern Europe.   

Although the operation claimed not to target healthcare entities, HC3 considered it to be a highly sophisticated operation that posed an “elevated risk” to the sector; in September, the agency released a briefing warning as much

In fact, HC3 said it is aware of at least four healthcare or healthcare-related organizations that have been impacted by BlackMatter ransomware incidents – including a medical testing and diagnostics company, a pharmaceutical consulting company, and a dermatology clinic, all in the United States.  

“A global medical technology company based in the Asia-Pacific region also suffered a BlackMatter incident,” read the analyst note.  

In October, federal agencies issued a Cybersecurity Advisory providing information on BlackMatter ransomware, suggesting that the group is a possible rebrand of the DarkSide ransomware-as-a-service organization. And on Wednesday, some analysts said that BlackCat, the ransomware group possibly behind a recent attack on two German oil companies, is likely another rebrand.

However, October was the same month BlackMatter appeared to claim its last victim.  

“On November 1, BlackMatter claimed it was shutting down operations following pressure from local law enforcement and stated that key members of its group were ‘no longer available,'” said the HC3 note.  

“Shortly thereafter, the existing BlackMatter victims were moved to the competing LockBit ransomware negotiation site,” it continued.  

THE LARGER TREND  

BlackMatter’s predecessor, REvil, has also receded from the threat landscape following several high-profile attacks on healthcare organizations.  

In November, the U.S. Department of Justice announced that it had taken action against two individuals accused of using the ransomware to attack U.S. businesses and government agencies.

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray in a statement at the time.  

ON THE RECORD  

“HC3 can confirm that the BlackMatter leak site is no longer operational and no known ransomware variants are believed to be successors at this time, according to open source reporting,” said the agency.

Still, it warned, “While the group appears to have shut down operations, other actors seeking lucrative payouts from ransomware attacks are likely to fill this void.”  

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
Norovirus behind most outbreaks and illnesses in Sweden thumbnail

Norovirus behind most outbreaks and illnesses in Sweden

Norovirus caused the most outbreaks and illnesses in 2022, according to the Swedish Food Agency (Livsmedelsverket). Overall, there were 337 reports of suspected or confirmed foodborne illnesses to the agency with 2,261 cases of illness. In 303 events, two or more people were infected from the same source. This is up from 251 outbreaks with
Read More
Did Gabapentin Improve Post-COVID Olfaction? thumbnail

Did Gabapentin Improve Post-COVID Olfaction?

Quizzes > Weekly News Quiz — You passed medical training, now see if you can pass our weekly quiz by MedPage Today Staff September 23, 2023 The 24-hour news cycle is just as important to medicine as it is to politics, finance, or sports. At MedPage Today, new information is posted daily, but keeping up
Read More
A Natural Alternative to Sleeping Pills for Better Sleep and Health thumbnail

A Natural Alternative to Sleeping Pills for Better Sleep and Health

Herbs with natural sedative properties offer an alternative to pharmaceutical sleeping pills and their common downsides: daytime drowsiness, memory problems, tolerance, withdrawal symptoms (including sleeplessness) and addiction. Some medications commonly prescribed for sleep can end up worsening insomnia and cause depression to boot. Adding to their potential problems is their ability to interact with other
Read More
Removal of labeling of penicillin allergy in hospitalized patients in acute condition thumbnail

Removal of labeling of penicillin allergy in hospitalized patients in acute condition

אלרגיה לפניצילין נמצאת עם שכיחות בין-לאומית של 10% בערך. יחד עם זאת, מרבית המטופלים אשר מדווחים על אלרגיה לפניצילין לא סובלים מרגישות יתר משמעותית קלינית. מעטים המטופלים אשר עוברים הערכה, מה שמוביל לשימוש עודף של אנטיביוטיקה רחבת-טווח. מטרת המחקר הייתה לעקוב אחר שכיחות ולהטמיע בדיקות סקר ובדיקות אבחנתיות של מטופלים מאושפזים. במסגרת המחקר, כל המטופלים…
Read More
AI-powered scheduling can boost clinician engagement, reduce burnout thumbnail

AI-powered scheduling can boost clinician engagement, reduce burnout

Research presented this past week at ASA Advance 2022, the Anesthesiology Business Event, found that artificial intelligence-based scheduling can play a significant role in reducing burnout and improving physician engagement.   Six months after the anesthesiology department at Ochsner Health in New Orleans implemented its new AI scheduling system, the average engagement scores of 60…
Read More
On Our January 2022 Radar: Actor And Indulge Of The Month thumbnail

On Our January 2022 Radar: Actor And Indulge Of The Month

ACTOR OF THE MONTH While many had written her off as arm candy, Vaani Kapoor surprised everybody with her performance as a trans-woman in Abhishek Kapoor’s Chandigarh Kare Aashiqui. With her measured acting and nuanced delivery, she reminded us of her sparkling performance in her debut film, Shuddh Desi Romance (2013), and showed us that…
Read More
Index Of News
Total
0
Share