The BlackMatter ransomware operators have decided to shut down operations as they felt threatened by local authorities, according to an announcement published by the gang itself on the dark web.
According to vx-underground, “BlackMatter ransomware group has announced they’re shutting down operations following pressure from local authorities – they state key members are no longer ‘available’.”
It is unclear if ‘no longer available’ means cuffed and detained. Considering how Britain’s ICO, the Europol, and the FBI are doubling down on ransomware operations globally, it’s not entirely out of the question.
A translation of the news reveals that the ransomware-as-a-service would close within 48 hours of the announcement. However, affiliates can still email their victims “for further communication,” as well as get decryptors if needed.
Last month, federal agencies implicated the BlackMatter group in several high-profile ransomware attacks.
First seen in mid-2021, BlackMatter ransomware-as-a-service (RaaS) is said to be a possible rebrand of DarkSide, a similar RaaS active from September 2020 through May 2021.
BlackMatter actors have claimed quite a few victims, demanding ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.
The group has notably avoided hitting healthcare organizations – or at least that’s what they’ve reportedly claimed.