The malicious actors behind the BlackMatter ransomware have announced that they are shutting down the operation due to pressure from the authorities.
Active since July 2021, the ransomware operation is thought to be a rebrand of the DarkSide RaaS that shut down after the attack that crippled the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S.
The plan was revealed in a message posted in the backend of their Ransomware-as-a-Service portal on November 1, 2021. The announcement, written in Russian, was spotted by the vx-underground infosec group.
In the statement, the group said that “due to specific unsolvable circumstances” related to pressure from the authorities, the project has been closed. It added that part of the team is no longer available after the recent reports, and that the entire infrastructure will be shut down after 48 hours.
While the group did not explain what pressure from authorities they were talking about, the announcement comes after several major reports about actions taken by law enforcement agencies against some ransomware operators.
In October, Reuters reported that the hacking group REvil, a gang behind multiple high-profile ransomware attacks in recent years, was itself hacked and forced offline as a result of a joint operation conducted by the FBI, U.S. Secret Service, Cyber Command, and organizations from other countries.
Last week, Europol said 12 individuals were arrested on suspicion of launching ransomware attacks against critical infrastructure and large corporations that affected over 1,800 victims in 71 countries. The suspects have been linked to LockerGoga, MegaCortex and Dharma ransomware. The group is believed to be behind a LockerGoga ransomware attack on the Norway-based aluminum manufacturer Norsk Hydro in 2019, which crippled production across the company’s factories on two continents.