HC3 TLP White Threat Briefing – Demystifying BlackMatter September 2, 2021

Agenda

  • Executive Summary
  • What the Group Claims To Be
  • What We Know About the Group
  • Technical Details
  • Mitigations
  • Outlook

Malware

  • First Surfaced: July 2021
  • Suspected Predecessor(s): DarkSide, REvil RaaS
  • Malware Capabilities: Ransomware written in C that encrypts files using a combination of Salsa20 and 1024-bit RSA
  • Targeted Systems: Windows and Linux servers

Group

  • Origin: Likely Eastern Europe, Russian-speaking
  • Forum Presence: Exploit and XSS, BlackMatter blog
  • Targeted Countries: United States, India, Brazil, Chile, Thailand, and growing
  • Targeted Industries: Legal, Real Estate, IT Services, Food & Beverage, Architecture, Education, Finance
  • Status: Actively seeking Initial Access Brokers (IABs) and affiliates for ransomware deployment
  • Classification: Highly-sophisticated, financiallymotivated cybercriminal operation
  • Threat to HPH Sector: Elevated Risk

View the entire report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Leadership Rounds
Leadership Dialogue
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 2