BlackMatter Ransomware Group Shuts Down Due to Authorities Pressure

• The BlackMatter ransomware group made an announcement saying it wil cease operations due to government pressure.
• The message was posted on October 1 on their RaaS platform backend for their clients to see.
• Behind this decision may be the major reports coming from Microsoft and Gemini Advisory that linked FIN7 to Bastion Secure.

The BlackMatter ransomware group declared that they would be closing their operations because of pressure from the government. This declaration was made on the backend of their web portal used for selling the ransomware strain on October 1, 2021. Although there is no clear mention of why the decision was made, the last two weeks had two major events that may have affected the group.

The actors said the project is closed with part of the team no longer available and that the entire infrastructure would be turned off in 48 hours since the announcement.

The first one had to do with Microsoft and Gemini Advisory reports that tied the FIN7 cybercrime group, considered the creators of Darkside and BlackMatter, to the cybersecurity company Bastion Secure and its activities recruiting unwitting collaborators. The second report came from New York Times and had to do with a recently established agreement between the US and Russia focusing on Russia-based cybercrime groups, which may affect FIN7.

The legal crackdown on cybercrime groups has led to a lot of arrests in recent months. One such prominent example is Operation HunTor that resulted in 150 arrests and seized goods. In addition, German authorities tracked down a REvil core member, and Europol identified 12 individuals linked with ransomware.

BlackMatter has been known for its significant cyberattacks, the most glaring of these being an attack on the US colonial pipeline that affected fuel supply for the US East Coast.