{"id":3002,"date":"2021-08-02T15:33:23","date_gmt":"2021-08-02T13:33:23","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=3002"},"modified":"2026-03-30T11:00:20","modified_gmt":"2026-03-30T11:00:20","slug":"aggiornamenti-ransomware-gang","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/aggiornamenti-ransomware-gang\/","title":{"rendered":"Ransomware Evolution and Group Reorganization"},"content":{"rendered":"\n<p>Over the past year, ransomware and cyberattacks have experienced exponential growth. In 2020, the FBI reported a <strong>400% increase<\/strong> in cyberattacks\u2014incidents that have not only become more frequent but also more precise, accurate, and methodical. Below is an examination of the reorganization of several prominent criminal groups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">BlackMatter<\/h3>\n\n\n\n<p>A new ransomware gang named <strong>BlackMatter<\/strong> is currently purchasing access to corporate networks, claiming to integrate the best features of two notorious ransomware strains: <strong>REvil<\/strong> and <strong>DarkSide<\/strong>.<\/p>\n\n\n\n<p><strong>BlackMatter post on a well-known Russian forum:<\/strong> In the post, the user stated their intention to purchase access to corporate networks in the United States, Canada, Australia, and Great Britain, excluding networks associated with medical and government entities.<\/p>\n\n\n\n<p>They have also expressed a willingness to spend between <strong>$3,000 and $100,000<\/strong> to acquire access to networks meeting the following criteria:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Revenue:<\/strong> Annual revenue of $100 million or more.<\/li>\n\n\n\n<li><strong>Scale:<\/strong> Networks containing between 500 and 15,000 devices.<\/li>\n\n\n\n<li><strong>Exclusivity:<\/strong> New networks that have not been previously targeted by other threat actors.<\/li>\n<\/ul>\n\n\n\n<p>Recently, their website was &#8220;wiped,&#8221; with the content replaced by the message: <em>&#8220;All blogs hidden for now.&#8221;<\/em><\/p>\n\n\n\n<p>While there is currently no confirmation regarding the gang&#8217;s claims\u2014specifically whether they truly incorporate DarkSide and REvil features\u2014it is highly probable that members of those groups have decided to form a new collective to further maximize their profits.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">RAMP<\/h3>\n\n\n\n<p>A few days ago, the website previously linked to <strong>Babuk<\/strong>, known as <strong>RAMP<\/strong>, completely shifted its approach.<\/p>\n\n\n\n<p>The page now lists instructions for joining a forum scheduled to open in 11 days. Prospective members must hold accounts on well-known underground forums with a specific positive reputation score and a minimum post count. If these requirements are not met, registration carries a <strong>$500 fee<\/strong>.<\/p>\n\n\n\n<p>Furthermore, the final lines contain what appears to be a warning to members of the former gang who are allegedly attempting to obstruct the group&#8217;s activities. A rough translation of the statement follows:<\/p>\n\n\n\n<p>&#8220;As the owner of this domain, I agree with Lawrence Abrams&#8217; opinion that the old team wants to throw a stone at my back. We initially agreed that they would take their code and I would take the blog, which belongs to me by right. Do not try to screw me over; I know your methods and your capabilities, and I know my own.&#8221;<strong><em> una volta, provi a interferire nei miei affari, inizier\u00f2 a lavorare contro di te (ho degli addetti ai lavori)<\/em><\/strong><\/p>\n\n\n<p><!--EndFragment--><\/p>","protected":false},"excerpt":{"rendered":"<p>Over the past year, ransomware and cyberattacks have experienced exponential growth. In 2020, the FBI reported a 400% increase in cyberattacks\u2014incidents that have not only become more frequent but also more precise, accurate, and methodical. Below is an examination of the reorganization of several prominent criminal groups. BlackMatter A new ransomware gang named BlackMatter is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[44,56,105,282,284,295],"class_list":["post-3002","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-babuk","tag-blackmatter","tag-darkside","tag-ramp","tag-ransomware-gang","tag-revil"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=3002"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3002\/revisions"}],"predecessor-version":[{"id":9753,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3002\/revisions\/9753"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=3002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=3002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=3002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}