US authorities release possible measures against BlackMatter ransomware

CISA, the FBI, and the NSA urge organizations to take action against BlackMatter ransomware after a tip from an undisclosed party

Authorities release the advisory on BlackMatter ransomware

Authorities have released an advisory detailing the operations of the BlackMatter ransomware.[1] The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency aim to help organizations defend their data and networks, since such infections can cause major disruption and damage.[2] The BlackMatter ransomware-as-a-service[3] operation began in July, when various businesses in the US, Canada, Australia, and the UK were affected, resulting in breached data.

At the time, the group targeted the networks of companies with revenue of at least $100 million. The cybercriminals even posted an announcement that they were looking to buy access to the systems of such profitable businesses. They excluded hospitals, critical infrastructure, non-profits, the defense industry, and government-related organizations from their targets. However, multiple critical infrastructure entities have already been targeted.[4]

Right now, researchers[5] are trying to inform people about the likely procedures, tactics, and techniques, so that the attacks, which typically result in breaches and financial losses, can be avoided:

Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks.

Cryptovirus attacks can end brutally

BlackMatter ransomware has claimed many victims by compromising networks and demanding up to $15 million from those affected. Access to these networks can be obtained through remote monitoring and desktop software, as well as through access details sold online that open the way into the systems of profitable companies.

The ransomware encrypts systems and demands payment for alleged decryption tools. Analysis shows that the malware can also use compromised administrator credentials to discover hosts in the targeted organization's Active Directory.

The threat also has variants that spread on Linux-based systems and encrypt VMware ESXi virtual servers. This is significant because such servers are common in enterprise environments and are used for management purposes. The consequences of an infection can include data breaches, financial losses, additional blackmail, and exposure of sensitive information.

Agencies note the persistence of the ransomware

The three agencies based their research on the TTPs linked to the ransomware gang and created specific signatures to support detection and prevention systems. This way, a system can raise an alert when remote encryption is initiated or attempted.
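The advisory's own signatures are not reproduced on this page, so the following is an added illustration, not the agencies' detection content, of the kind of behavioural check a defender can run over file-share audit logs: one client renaming many files to a new extension across several shares in a short window, which is how encryption performed remotely over the network shows up. The log format, the thresholds, the client addresses, share names and the `cryptx` extension are all constructed for this example and are not indicators from the advisory.

```python
"""Toy detector for remote mass-encryption behaviour over file shares.

Constructed example: the audit-line format, thresholds and indicators are
assumptions, not the CISA/FBI/NSA signatures. Each input line looks like
  '<iso-ts> <client-ip> <share> RENAME <old-path> -> <new-path>'
  '<iso-ts> <client-ip> <share> READ <path>'
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per client (assumed tuning value)
RENAME_THRESHOLD = 10            # extension-changing renames inside WINDOW (assumed)
MIN_SHARES = 2                   # several shares from one client = remote pattern (assumed)


def parse_event(line):
    """Parse one constructed audit line into a dict."""
    ts, client, share, action, rest = line.split(" ", 4)
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
          "client": client, "share": share, "action": action}
    if action == "RENAME":
        ev["old"], ev["new"] = rest.split(" -> ")
    else:
        ev["path"] = rest
    return ev


def _ext(path):
    return path.rsplit(".", 1)[-1] if "." in path else ""


def detect_remote_encryption(lines):
    """Return one alert per client that, inside WINDOW, renamed at least
    RENAME_THRESHOLD files to a single new extension on MIN_SHARES or more shares.
    Renames that keep the extension (ordinary user activity) are ignored."""
    recent = defaultdict(deque)   # client -> deque of (ts, share, new_ext)
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_event(line)
        if ev["action"] != "RENAME" or _ext(ev["new"]) == _ext(ev["old"]):
            continue
        q = recent[ev["client"]]
        q.append((ev["ts"], ev["share"], _ext(ev["new"])))
        while q and ev["ts"] - q[0][0] > WINDOW:   # expire old events
            q.popleft()
        shares = {s for _, s, _ in q}
        exts = {e for _, _, e in q}
        # A single consistent new extension is the signal; mixed extensions
        # look more like normal reorganisation than encryption.
        if (len(q) >= RENAME_THRESHOLD and len(shares) >= MIN_SHARES
                and len(exts) == 1 and ev["client"] not in alerted):
            alerted.add(ev["client"])
            alerts.append({"client": ev["client"],
                           "first_seen": q[0][0].isoformat(),
                           "renames": len(q),
                           "shares": sorted(shares),
                           "extension": exts.pop()})
    return alerts


def constructed_sample_log():
    """Constructed audit lines: one benign rename, then a burst from 10.0.0.77."""
    lines = [
        "2021-10-19T09:59:50Z 10.0.0.5 \\\\fs01\\finance RENAME q3/draft.xlsx -> q3/final.xlsx",
        "2021-10-19T09:59:55Z 10.0.0.5 \\\\fs01\\finance READ q3/final.xlsx",
    ]
    base = datetime(2021, 10, 19, 10, 0, 0)
    for i in range(12):
        ts = (base + timedelta(seconds=2 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        share = "\\\\fs01\\finance" if i % 2 == 0 else "\\\\fs02\\hr"
        lines.append(f"{ts} 10.0.0.77 {share} RENAME docs/file{i}.docx -> docs/file{i}.docx.cryptx")
    return lines


if __name__ == "__main__":
    for alert in detect_remote_encryption(constructed_sample_log()):
        print(alert)
```

The threshold, window and share count are the knobs to tune against a real environment's baseline; the useful property of the check is that it keys on the client performing the renames rather than on any fixed extension, so it does not depend on knowing a particular ransomware family's indicators in advance.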

Of course, in a more general cybersecurity sense, the advisory lists measures that start with proper password practices. It is especially important to use strong, unique passwords for accounts, including admin and service accounts and domain administrators. Multi-factor authentication is another measure that can help. Making regular updates a standard procedure can also help:

Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.

Other advice from the agencies:

  • limit access to resources over the network;
  • monitoring and network segmentation can help to notice unusual activity;
  • time-based access for admin accounts, limited to the timeframe needed to complete the task;
  • disabling command-line and scripting activities;
  • backups, backups, backups.

These measures can be helpful for anyone, not only businesses, organizations, or large companies. Everyday users also need to take their data seriously: back up their files, keep secure passwords, and use two-factor authentication whenever possible.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for He graduated from the Washington and Jefferson College, Communication and Journalism studies.
