blackmatter
Group profile
Ransomware-as-a-Service
MITRE ATT&CK TTPs
Initial Access
T1078Valid Accounts
BlackMatter purchased access to already-compromised networks from initial access brokers on underground forums, targeting organizations with 500-15,000 hosts and revenues of $100M+.
Execution
Defense Evasion
Credential Access
T1003OS Credential Dumping
Credential dumping tools used to harvest domain and local account credentials for lateral movement.
Discovery
Lateral Movement
Exfiltration
T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
Data exfiltrated to actor-controlled infrastructure and cloud storage for double extortion via the BlackMatter leak site.
Command and Control
T1071.001Application Layer Protocol: Web Protocols
HTTPS used for C2 communication; Tor onion addresses used for victim portals.
Impact
T1486Data Encrypted for Impact
BlackMatter uses Salsa20 for file content encryption and RSA-1024 for key protection. Partial file encryption (first 1MB) used for speed on large files. Targets Windows, Linux (ESXi), and NAS devices. Active July-November 2021 before announcing shutdown; considered successor to DarkSide.
T1490Inhibit System Recovery
Volume shadow copies removed; Windows recovery options disabled to prevent victim recovery without payment.
Recent victims
| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2021-11-04 |  National Beveragenationalbeverage.com | Agriculture and Food Production | US |
| 2021-11-04 | K Keycentrix | Business Services | |
| 2021-11-04 | J Jobbers Meat Packing Co., Inc. | Agriculture and Food Production | |
| 2021-11-04 | H Home State Bank | Financial Services | |
| 2021-11-04 | A Armour Transportation Systems | Transportation/Logistics | |
| 2021-10-04 | Z ZKTeco USA | Technology | |
| 2021-09-29 | C crystalvalley | Consumer Services | |
| 2021-09-21 | B Bumper to Bumper Autoparts | Consumer Services | |
| 2021-09-20 | L LA-Martiniquaise | Agriculture and Food Production | |
| 2021-09-20 | J JMclaughlin | Consumer Services | |
| 2021-09-20 | C CasagrandeGroup | Construction | |
| 2021-09-20 | B BCP Securities | Financial Services | |
| 2021-09-20 | P Pramer Baustoffe GmbH | Construction | |
| 2021-09-20 | E Ellerboeck | Manufacturing | |
| 2021-09-20 | C Citrocasa GmbH | Agriculture and Food Production | |
| 2021-09-20 | A Actief-Jobmade | Business Services | |
| 2021-09-20 | E Eisvogel Hubert Bernegger GmbH | Manufacturing | |
| 2021-09-18 | P Pulmuone Co., Ltd. | Agriculture and Food Production | |
| 2021-09-17 | M Modern Testing Services | Business Services | |
| 2021-09-17 | N northwoods & spectrumfurniture | Consumer Services | |
| 2021-09-15 | E EQUITY TRANSPORTATION | Transportation/Logistics | |
| 2021-09-11 | R River City Construction | Construction | |
| 2021-09-09 | H hhcp.com | Healthcare | |
| 2021-09-09 | N Network Telecom / Enreach | Telecommunication | |
| 2021-09-09 | P Pine Labs Pvt | Technology | |
| 2021-09-09 | K Kaydon Corporation (SKF Group Brand) | Manufacturing | |
| 2021-09-09 | T tastefulselections & WFG | Agriculture and Food Production | |
| 2021-09-09 | M Middleton Reutlinger | Business Services | |
| 2021-09-09 | G g-able.com | Technology | |
| 2021-09-09 | D Diamond Schmitt | Construction | |
| 2021-09-09 | T Trust Capital Funding | Financial Services | |
| 2021-09-08 |  Olympusolympusgrp.com | Technology | US |