Recently, a known Russian ransomware gang called BlackMatter has attacked Marketron, a business software solutions provider. BlackMatter ransomware encrypts the files of its victims with a version of RSA algorithms. The threat actor will leave a ‘readme’ file note with the steps to decrypt them. They also replace the wallpaper for the victims to take notice.
Meanwhile, Marketron is a firm that offers cloud-based revenue and traffic management tools for media companies. They discovered the issue through an email from the firm’s CEO, stating how the BlackMatter ransomware group was responsible for the attack. Additionally, the ransomware group was also responsible for an attack recently. They breached the NEW Cooperative US farmers organization and even requested a ransom ranging up to $5.9 million.
Marketron’s owner stated that the issue still occurred even though they have implemented many investments in parting backup and disaster recovery in physical and network environments, which sets up zero-trust access management guidelines and security tools. The company is already in contact with the BlackMatter group and the FBI to quickly restore their systems and processes. The company reported the issue last Monday, announcing a cyber event that currently disrupts their business and customer operations, adding that their services needed to temporarily go offline.
The vice president of Marketron’s marketing team has revealed that there are already third-party forensic investigators currently working on the problem to fully understand the scope of the issue and ensure the security of their company’s data. The incident’s root cause may still not be confirmed, but the investigation is assured to roll.
More details about BlackMatter ransomware
The BlackMatter ransomware has originated from a ransomware operation called the DarkSide. It stopped its operations after the Colonial Pipeline attacking event last May 2021. For the time being, BlackMatter is an active group that attacks over 12 companies in September alone.
A few of their latest victims include an investment services provider in the US, a Japanese technology giant Olympus, a maker of drilling equipment in Italy, a unified communications company in the UK, and more.
