Ransomware gangs are beginning to suffer body blows from cybersecurity professionals working for the private sector and federal agencies.
Software company Emsisoft said it discovered a flaw earlier this year in BlackMatter ransomware used by cybercriminals. The flaw allowed Emsisoft to help victims recover their files without paying a ransom.
The company said it has shared its decryption capabilities quietly with “law enforcement agencies and trusted parties,” as it responded to attacks using BlackMatter, which Emsisoft said was a successor to the DarkSide ransomware attackers that gained notoriety for hitting a major U.S. fuel provider earlier this year.
After a leaked ransom note appeared online and screenshots of negotiations appeared on Twitter, BlackMatter operators picked up on their vulnerability and locked down their service. Emsisoft publicly disclosed its work Sunday after one of its tools to help victims was exposed and BlackMatter released an update fixing the flaw.
“The broad Twitter infosec community quickly picked up on the leak, got their hands on the private link intended for the victim only, and started to hijack the negotiations being held on the BlackMatter communication platform,” Fabian Wosar, Emsisoft chief technology officer, wrote on the company’s blog. “Soon, both the victim and the BlackMatter operators were confronted with an onslaught of insults and trolling behavior. … However, as cathartic as throwing expletives might have felt, it resulted in BlackMatter locking down their platform, and locking us and everyone else out in the process.”
While the information security community’s Twitter chatter cost Emsisoft one option for fighting back, the company says it has other similar tools to fight various ransomware gangs.
“We have decryption tools for multiple ransomware families,” Brett Callow, Emsisoft threat analyst, said in an email. “Some of the tools completely avoid the need for a ransom to be paid — like the tool which helped BlackMatter’s victims — while others act in place of the tools the criminals provide to enable organizations to recover more quickly and safely than would otherwise be possible.”
Mr. Callow publicly thanked Cybersecurity and Infrastructure Security Agency Director Jen Easterly’s team on Twitter for helping Emsisoft, and she responded with tweets thanking Mr. Callow and touting the Biden administration’s new efforts to partner with private companies in fights against hackers and ransomware attackers.
Last week, the cybercriminal gang REvil was forced offline by a multi-country operation involving U.S. federal agencies such as the Secret Service, FBI and U.S. Cyber Command, according to Reuters. REvil previously claimed prominent victims, including major meat producer JBS earlier this year, according to the FBI.