Criminals lose millions because of code errors that researchers secretly used to help victims

Researchers from Emsisoft prevented the cyber-criminals behind the BlackMatter ransomware from making millions of dollars by discovering a bug in the ransomware that allowed victims to decrypt their files without paying a ransom.

The researchers have described in detail how they kept the existence of a decryption solution hidden from the criminals while saving several victims from paying a ransom.

BlackMatter has been active since July this year, but it has actually been around much longer. Experts agree that BlackMatter is a rebranded version of the DarkSide ransomware.

DarkSide became known as the culprit behind the attack on Colonial Pipeline, the largest oil pipeline in the United States. The incident led to gas and fuel shortages along the northeastern coast of the United States, while the criminals walked away with millions of dollars after Colonial Pipeline paid the ransom.

But the attack did not go unnoticed. Soon after the White House promised to take action against those responsible, DarkSide lost control of part of its infrastructure and some of its Bitcoin wallets were seized. The group appeared to have vanished after that.

However, DarkSide soon reappeared as BlackMatter, and the cybercriminals behind it seem not in the least deterred by the actions of the US government: they launched a series of ransomware attacks on companies in the United States.

In posts on hacker forums in which the group offered access to hacked networks in the US, Canada, the UK and Australia, BlackMatter claimed that it would not attack hospitals and government institutions. The group did not keep that promise.

In December last year, Emsisoft researchers noticed a mistake by the authors of the DarkSide ransomware that allowed data encrypted by the Windows version of the ransomware to be decrypted without paying a ransom, although the criminals corrected it in January.

However, the group then made a similar error in the BlackMatter ransomware code, once again allowing victims to decrypt their files without paying a ransom. Emsisoft quietly helped the victims and thus prevented the criminals from earning tens of millions of dollars.

Unfortunately, BlackMatter eventually realized something was wrong and corrected the error.

BlackMatter is likely to continue its attacks, but these mistakes have probably tarnished the group's reputation in cybercrime circles, so it is not impossible that its members will abandon the BlackMatter project and reappear under another name.
