720-891-1663
Return to list of client alerts
The FBI, NSA and CISA have issued a joint alert on a flavor of ransomware called BlackMatter.
BlackMatter is a ransomware group, likely a successor to DarkSide that shut down in May.
Effectively, when things get hot for a ransomware group, they shut down, lay low for a couple of months and reappear under a new name.
According tot he Feds, they have already attacked MULTIPLE CRITICAL INFRASTRUCTURE targets, so assume no one is off limits.
In the typical BlackMatter attack, the use compromised credentials to attack the Windows Active Directory.
The Feds say to keep offline encrypted backups and implement tools to detect abnormal activity.
The CISA alert can be found here.