Over the past year, ransomware and cyberattacks have experienced exponential growth. In 2020, the FBI reported a 400% increase in cyberattacks—incidents that have not only become more frequent but also more precise, accurate, and methodical. Below is an examination of the reorganization of several prominent criminal groups.

BlackMatter

A new ransomware gang named BlackMatter is currently purchasing access to corporate networks, claiming to integrate the best features of two notorious ransomware strains: REvil and DarkSide.

In a post on a well-known Russian forum, the BlackMatter user stated their intention to purchase access to corporate networks in the United States, Canada, Australia, and Great Britain, excluding networks associated with medical and government entities.

They have also expressed a willingness to spend between $3,000 and $100,000 to acquire access to networks meeting the following criteria:

  • Revenue: Annual revenue of $100 million or more.
  • Scale: Networks containing between 500 and 15,000 devices.
  • Exclusivity: New networks that have not been previously targeted by other threat actors.

Recently, their website was “wiped,” with the content replaced by the message: “All blogs hidden for now.”

While there is currently no confirmation regarding the gang’s claims—specifically whether they truly incorporate DarkSide and REvil features—it is highly probable that members of those groups have decided to form a new collective to further maximize their profits.


RAMP

A few days ago, the website previously linked to Babuk, known as RAMP, completely shifted its approach.

The page now lists instructions for joining a forum scheduled to open in 11 days. Prospective members must hold accounts on well-known underground forums with a specific positive reputation score and a minimum post count. If these requirements are not met, registration carries a $500 fee.

Furthermore, the final lines contain what appears to be a warning to members of the former gang who are allegedly attempting to obstruct the group’s activities. A rough translation of the statement follows:

“As the owner of this domain, I agree with Lawrence Abrams’ opinion that the old team wants to throw a stone at my back. We initially agreed that they would take their code and I would take the blog, which belongs to me by right. Do not try to screw me over; I know your methods and your capabilities, and I know my own. Once you try to interfere in my business, I will start working against you (I have insiders).”