
Protect Against BlackMatter Ransomware Before It’s Offered

Insikt Group reverse-engineered the Linux and Windows variants of BlackMatter ransomware and provided a high-level overview of their functionality, along with IOCs, utilities, and detections. This research is intended for IT security professionals and anyone interested in a technical overview of this new ransomware variant.
Executive Summary
Insikt Group analyzed Windows and Linux variants of BlackMatter ransomware, a new ransomware-as-a-service (RaaS) affiliate program founded in July 2021. During our technical analysis, we found that both variants accomplish similar goals of encrypting a victim’s files and appear to have been developed by a relatively sophisticated group. The Windows version of the ransomware employs several obfuscation and anti-reverse engineering techniques, suggesting that it was created by an experienced ransomware developer. BlackMatter’s Linux variant is another example of an emerging trend of malware targeting Linux-based systems, including ESXi and network-attached storage (NAS) devices. Recorded Future has provided reverse-engineering utilities, a YARA rule, and IOCs that organizations can use to hunt or detect the ransomware.
Editor's Note: This post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.