Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

BlackMatter and Haron ransomware groups emerge after DarkSide and REvil disappear

ransomware-virus-freepik
July 29, 2021

A new ransomware group launched into operation this week, claiming to combine the best features of the now-defunct Darkside and REvil ransomware groups. Named BlackMatter, the group is currently recruiting affiliates (collaborators) through ads posted on two cybercrime forums named Exploit and XSS.

According to security firm Recorded Future, BlackMatter claims the project "has incorporated in itself the best features of DarkSide, REvil, and LockBit." In their blog, the threat actor group claims not to conduct attacks against organizations in several industries, including healthcare, critical infrastructure, oil and gas, defense, non-profit, and government.

BlackMatter, a member of the top-tier forum Exploit and likely an operator of BlackMatter ransomware, is currently advertising the purchase of access to corporate networks in the US, Canada, Australia, and the U.K. The threat actor is interested in all industries, except healthcare and governments, and has the following requirements for targets:

  • Revenue of $100 million and more
  • 500-15,000 hosts in the network

BlackMatter, like most top-tier ransomware gangs today, also operates a website on the dark web - or leak site - where it intends to publish data they steal from their victims if the hacked company does not pay the ransom. Because the site is currently empty, Recorded Future analysts believe the group only launched this week and has not yet begun targeting any big corporations. 

Sean Nikkel, Senior Cyber Threat Intel Analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, says, "More threat actors are doing their due diligence when it comes to selecting victims. We've seen time and again when they have some knowledge around key personalities within an organization, revenue, size, and even customers, so the idea of big game hunting seems to be in line with observed ransomware trends.

Nikkel adds, "The interesting twist is the continued public stance against specific industries and promises to help victims. While REvil had publicly stated that everything was fair game previously, maybe this cooling-off period from previous attention has forced a change of heart if it is indeed them coming back. Either way, time will tell if these groups are the repackaged or rebranded versions of adversaries we knew from before or if they'll even follow their own rules."

A second group is calling itself Haron, also discovered in July 2021. According to Ars Technica, a sample of the Haron malware was first submitted to VirusTotal on July 19. Three days later, South Korean security firm S2W Lab discussed the group in a post. Most of the group's site on the dark web is password protected by "extremely weak credentials." Past the login page, there's a list of alleged targets, a chat transcript, and the group's explanation of its mission. In addition, Haron is using Thanos Ransomware to infect victims. Thanos is a ransomware-as-a-service that has been sold since 2019. 

Both groups claim their goal is to target corporations and large businesses with the money to pay ransoms in the millions of dollars. The news of the two ransomware groups comes on the heels of recent ransomware attacks of Colonial Pipeline, meatpacker JBS, and managed network provider Kaseya - all of which caused massive disruptions and drew the attention of U.S. federal agencies and President Joe Biden, inspiring legislation to modernize critical infrastructure and defend industrial controls against cybercriminals. 

Andrew Barratt, Managing Principal, Solutions and Investigations at Coalfire, a Westminster, Colo.-based provider of cybersecurity advisory services, says, "Ransomware is really the rapid monetization unicorn of cybercriminals of the moment. With large-scale ransoms being paid, easy execution, and a very broad attack surface, criminals are less likely to be targeting data for sale or payment card information for onward fraudulent use. Ransomware can be executed by rogue nations, terrorist organizations, as well as large-scale organized crime. It can be bought on a SaaS basis and delivers quite a high return. Until we stop paying out on ransoms, we're going to see more attacks. Monetary incentives trump everything from a criminal perspective. However, the ability to pivot the attack to be debilitating to an organization for either extortion or espionage is what makes this the threat that isn't going away anytime soon."

Security researchers at Recorded Future questioned if BlackMatter has connections to either DarkSide or REvil, which suddenly went dark after the cyberattacks on JBS and Kaseya and Colonial Pipeline, which generated more attention than the groups wanted. "Anyone who attributed the disappearance of REvil to actions by law enforcement, and hasn't anticipated a re-emergence, should rethink things. There is also a good chance that REvil decided proactively to take down everything and to re-emerge, just to make tracking and tracing even more difficult," says Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), now part of Netwrix, a provider of change management software.

Schrader explains, "Any saber-rattling by the U.S. Government about kinetic responses and hack-backs will not change the situation. Ransomware groups will continue to look for attack vectors that are likely to have a higher motivation for payment, and that is the next evolution in this business. We already see the early effects: Kaseya, SolarWinds, tools that promise access to high-value assets, where an organization's revenue stream and reputation depend. The recently added capability of encrypting ESXi servers is a harbinger of what will come, and CISA's recent alert about the top routinely exploited vulnerabilities includes a warning about CVE-2021-21985 as well. In essence, not paying a ransom is the only angle that will – over time – eradicate ransomware. And to be positioned for that, companies will have to minimize and protect their attack surface, harden their systems and infrastructure, manage existing accounts properly and delete old ones, patch vulnerabilities according to risks, and be able to operate in a cyber-resilient manner when under attack."

KEYWORDS: critical infrastructure cyber security ransomware risk management supply chain security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Person holding cellphone

Millions of Android, iPhone Users Could Be Sending Data to China

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber-security-data-freepik

    CISA publishes malware analysis report and updates alert on DarkSide ransomware

    See More
  • ransomware-virus-freepik

    CISA issues advisory on BlackMatter ransomware

    See More
  • ransomware-attack freepik

    BlackMatter's ransomware attack on NEW Cooperative may impact food supply chain

    See More

Related Products

See More Products
  • contemporary.jpg

    Contemporary Security Management, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!