There’s a brewing consensus among cybersecurity professionals that the infamous DarkSide cybercriminal gang responsible for the Colonial Pipeline attack in May may have rebranded as a new group called Black Matter.
Analysts see similarities between DarkSide and Black Matter in their cryptocurrency wallets, their strains of malware, and the keys they give victims for decryption, according to Wall Street Journal cybersecurity reporter David Uberti.
Blockchain analysts can readily watch money move from one cryptocurrency address to another and map out patterns believed to be ransomware payments, especially when the paying companies report the payments.
“The White House has been public about how it wants to bolster the way it tracks financial transactions to ransomware groups. And that’s one of the ways in which they can pinpoint where the problem areas are and the scope of the problem,” said Uberti, in a WSJ podcast.
Cybersecurity experts are also closely analyzing the tools the hackers used to deploy the ransomware inside companies like Colonial Pipeline by examining the code itself. Similarities with DarkSide show up in the rebranded group’s malware, in the way the malware descriptors are written.
Uberti also noted there has been a lot of turnover within these hacking groups, many of which are specialists in breaking into companies and deploying the ransomware. “There’s an emerging and rotating cast of characters with all of these groups, so at the very least, there’s some overlap between some of these hacking groups we’re seeing,” says Uberti in a WSJ podcast.
Cybersecurity firm Recorded Future published an interview with someone claiming to be part of Black Matter, who said the group had learned lessons from DarkSide. One of those lessons was not to attack critical infrastructure, for fear of action by the U.S. government. They also said they would not attack the healthcare sector, which leaves the many businesses that fall outside those two sectors exposed.
“A lot of people within the cyber world have compared this to a game of whack-a-mole, that if you take specific actions against the group, if we are to basically hack back and take them offline, they will simply emerge in some other way as some other form under some other name,” says Uberti in a WSJ podcast.