Under pressure, the Blackmatter ransomware group would throw in the towel

The information is always to be taken with caution, but the group behind the Blackmatter ransomware has reportedly ceased its activities. Security research group, VX-Underground, received a screenshot of a message allegedly posted by Blackmatter operators from the 1^is November on their site. In it, they warn affiliates that their ransomware operations will cease within 48 hours.

“Due to some unsolvable circumstances related to pressure from the authorities (part of the team is no longer available after the latest news), the project is closed,” the message read. “Breaking News” may refer to a recent international operation resulting in the arrest of 12 people suspected of being linked to 1,800 ransomware attacks in 71 countries.

Waiting for the birth of another group

Also in the message, the group specifies that after 48 hours, the entire infrastructure will be deactivated. For the attention of the affiliates, he offers to send them a decryptor to continue ransoming the victims. According to our colleagues at Bleepingcomputer, the Tor payment site and the data theft dissemination site were still active.

As a reminder, Blackmatter had succeeded Darkside which fell last July. He has led several media operations such as Olympus or Martiniquaise-Bardinet. If the closure of Blackmatter is confirmed, the lifespan of groups offering RaaS (ransomware as a service) becomes increasingly shorter. It also shows that international judicial cooperation is progressing and winning victories against gangs. Still, nature abhors a vacuum and Blackmatter will certainly be replaced by another group in the coming days or weeks.