BlackMatter Ransomware Group Shuts Down Due to Pressure from Authorities

Published on November 3, 2021

The BlackMatter ransomware group declared that it would be closing its operations because of pressure from the government. The declaration was made on the backend of the web portal the group used for selling the ransomware strain on October 1, 2021. Although there is no clear mention of why the decision was made, two major events in the last two weeks may have affected the group.

The actors said the project is closed, with part of the team no longer available, and that the entire infrastructure would be turned off within 48 hours of the announcement.

The first event was the publication of Microsoft and Gemini Advisory reports that tied the FIN7 cybercrime group, considered the creators of Darkside and BlackMatter, to the cybersecurity company Bastion Secure and its recruitment of unwitting collaborators. The second was a report from The New York Times on a recently established agreement between the US and Russia focusing on Russia-based cybercrime groups, which may affect FIN7.

The legal crackdown on cybercrime groups has led to many arrests in recent months. One prominent example is Operation HunTor, which resulted in 150 arrests and seized goods. In addition, German authorities tracked down a REvil core member, and Europol identified 12 individuals linked with ransomware.

BlackMatter has been known for its significant cyberattacks, the most glaring of these being an attack on the US Colonial Pipeline that affected fuel supply for the US East Coast.


