OnsceneALERT

Nov 7, 2021 · 2 min

Warning of BlackMatter ransomware attacks against critical infrastructure

CRITICAL INCIDENT NOTIFICATION

PUBLIC SAFETY THREAT

The US Government has issued an alert to organizations about the threat posed by the BlackMatter ransomware group.

The government’s Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, following a series of BlackMatter ransomware attacks since July 2021 targeting US critical infrastructure, including two American organizations working in the food and agriculture sector.

The BlackMatter ransomware, which came to prominence earlier this year following the demise of the notorious REvil and DarkSide ransomware gangs, is a ransomware-as-a-service (RaaS) operation that provides other cybercriminals with the technology needed to exfiltrate information from corporations, encrypt their data, and demand a costly ransom.

Effectively, this means that the BlackMatter ransomware is not just in the hands of sophisticated cybercriminals, but also of less-technical groups and individuals who may not normally have the skillset to pull off such an attack.

As the alert explains, BlackMatter uses previously-compromised usernames and passwords to spread across compromised networks, remotely encrypting computers and shared drives as they are found, before ultimately demanding that a ransom payment be made in cryptocurrency.

Law enforcement agencies, according to the CISA alert, are advising that all organizations take steps to harden their defenses and reduce the chance of a successful infection by the BlackMatter ransomware:

“Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks.”

Amongst the detailed advice included in the alert on how to protect against the BlackMatter ransomware and mitigate the threat are the following suggestions:

o Implement and enforce backup and restoration policies and procedures.

o Use strong, unique passwords.

o Use multi-factor authentication.

o Implement network segmentation and traversal monitoring.

CISA says that BlackMatter actors have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero, and points out that, alongside the NSA and FBI, it strongly discourages ransom payments because paying encourages others to engage in ransomware attacks and does not guarantee files will be recovered.


Source Agency (Tripwire)



Alerting Agency: OnsceneALERT.com


Incident Number: 2-211106-7602

Alert Type: Critical Incident Notification

Incident Type: Public Safety Threat

Incident Occurred: November 5, 2021

Alert Posted: November 6, 2021

Last Updated: November 6, 2021

Location: Nationwide

END OF ALERT
