Description
BlackMatter ransomware group claims to be Darkside and REvil succesor.
1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample
81KB
210921-qj8gfahfb5
5a8491587ab0f96ba141ae59365bc911
1ab2fac4f2dc92893a9f89fc6621f66bd47cb783
1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2
97e760f60e4db99983d05db69776058cf2f2c5ab98adea76000001a94a24f3b23feee4464baa23cf49dfa017e331c3b8b19c9da5b696f961f63cd65fc864c5c7
Family | blackmatter |
Version | 2.0 |
Botnet | 04bdf8557fa74ea0e3adbd2975efd274 |
C2 |
mepocs memtas veeam svc$ backup sql vss msexchange |
Attributes |
attempt_auth true
create_mutex true
encrypt_network_shares true
exfiltrate true
mount_volumes true |
rsa_pubkey.base64 |
|
aes.base64 |
|
Path | C:\1rWCqamCt.README.txt |
Family | blackmatter |
Ransom Note |
~+
* +
' BLACK |
() .-.,='``'=. - o -
'=/_ \ |
* | '=._ |
\ `=./`, '
. '=.__.=' `=' *
+ Matter +
O * ' .
>>> What happens?
Your network is encrypted, and currently not operational.
We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data.
>>> We downloaded over 500GB company information from all domain.
Data includes:
- Personal company info
- Finance information
- Client information
- Accounting
and other sensitive info;
To download your data we used following shares:
015-SBE-01.mmreibc.prv
MMWEB-021-01.mmreibc.prv
ALTERYX-PRD-02.mmreibc.prv
511-HARRIS-OLD
002-NAS-01.mmreibc.prv
003-NAS-01.mmreibc.prv
009-NAS-01.mmreibc.prv
010-NAS-01.mmreibc.prv
012-NAS-01.mmreibc.prv
013-NAS-01.mmreibc.prv
014-NAS-01.mmreibc.prv
016-NAS-01.mmreibc.prv
020-NAS-01.mmreibc.prv
022-NAS-01.mmreibc.prv
025-NAS-01.mmreibc.prv
026-NAS-01.mmreibc.prv
028-NAS-01.mmreibc.prv
029-NAS-01.mmreibc.prv
030-NAS-01.mmreibc.prv
032-NAS-01.mmreibc.prv
033-NAS-01.mmreibc.prv
034-NAS-01.mmreibc.prv
035-NAS-01.mmreibc.prv
036-NAS-01.mmreibc.prv
037-NAS-01.mmreibc.prv
039-NAS-01.mmreibc.prv
040-NAS-01.mmreibc.prv
041-NAS-01.mmreibc.prv
042-NAS-01.mmreibc.prv
045-NAS-01.mmreibc.prv
047-NAS-01.mmreibc.prv
049-NAS-01.mmreibc.prv
051-NAS-01.mmreibc.prv
052-NAS-01.mmreibc.prv
053-NAS-01.mmreibc.prv
054-NAS-01.mmreibc.prv
055-NAS-01.mmreibc.prv
056-NAS-01.mmreibc.prv
063-NAS-01.mmreibc.prv
068-NAS-01.mmreibc.prv
070-NAS-01.mmreibc.prv
082-NAS-01.mmreibc.prv
085-NAS-01.mmreibc.prv
086-NAS-01.mmreibc.prv
093-NAS-01.mmreibc.prv
098-NAS-01.mmreibc.prv
099-NAS-01.mmreibc.prv
and others.
If you are not going to contact us in the next 3 days, we will prepare your data for the publications. Your personal company info will be leaked and will be in the news. This will lead to a fall of your stock.
>>> What guarantees?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals.
We always keep our promises.
>>> How to contact with us?
1. Download and install TOR Browser (https://www.torproject.org/).
2. Open http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/A9K0IM6DK7ILWAV908R3
>>> Warning! Recovery recommendations.
We strongly recommend you to do not MODIFY or REPAIR your files, that will damage them.
|
URLs |
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/A9K0IM6DK7ILWAV908R3 |
1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample
5a8491587ab0f96ba141ae59365bc911
81KB
1ab2fac4f2dc92893a9f89fc6621f66bd47cb783
1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2
97e760f60e4db99983d05db69776058cf2f2c5ab98adea76000001a94a24f3b23feee4464baa23cf49dfa017e331c3b8b19c9da5b696f961f63cd65fc864c5c7
BlackMatter ransomware group claims to be Darkside and REvil succesor.
Ransomware generally changes the extension on encrypted files.
Attempts to read the root path of hard drives other than the default C: drive.