The BlackMatter ransomware group claims to be shutting down amid increasing pressure from authorities cracking down on their illegal activity. However, this wouldn’t be the first time we’ve seen the notorious ransomware group slink into the shadows only to reemerge with a new name and new targets later on.
BlackMatter’s previous iteration was DarkSide, the group behind the disastrous Colonial Pipeline attack and other critical infrastructure targets. More than ever, ICS/OT security professionals need to remain focused on securing their systems and preparing recovery protocols in the event they are hit with an attack.
Mark Carrigan, Cyber Vice President, Process Safety and OT Cybersecurity at Hexagon PPM shared his insights on the latest news on the group:
"The announcement from BlackMatter that they are shutting down operations due to pressure from authorities should be met with skepticism, at best. This would not be the first time that they, and others, have made such an announcement only to resurface at a later date. BlackMatter and others have developed a lucrative business model with almost no recriminations. Until there is real pressure, and cooperation from international governments, these criminal enterprises will continue to operate with impunity."