CYBERSECURITY ADVISORY: The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory Monday regarding BlackMatter ransomware cyber intrusions targeting multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations.
The advisory includes technical details, analysis, and assessment of this cyber threat, as well as several mitigation actions that can be taken to reduce the risk of this ransomware.
First seen in July 2021, BlackMatter has been leveraged by cyber actors with embedded, previously compromised credentials that enabled them to access the network and remotely encrypt hosts and shared drives. When the actors found backup data stores and appliances on the network that were not stored offsite, they wiped or reformatted the data.
BlackMatter is a ransomware-as-a-service (RaaS) tool, which means the developers are able to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it.
“The FBI, along with CISA and NSA, is dedicated to preventing, disrupting, and combating the evolving ransomware threat,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. “Unfortunately, too many ransomware incidents go unreported, and because silence benefits the cybercriminals the most, we ask targeted entities to contact their local FBI Field Office and speak to a cyber agent.
“By reporting a cyber incident, targeted entities are enhancing our ability to respond and investigate with the goal of disrupting cybercriminal operations. We will continue to leverage our unique authorities and capabilities to protect the American people from this threat; however, we cannot accomplish this alone.”
The advisory is available on the new, whole-of-government ransomware website, StopRansomware.gov.