
BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool

The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports.


Dubbed Exmatter, the custom tool lets BlackMatter ransomware-as-a-service (RaaS) operators quickly single out data of value on compromised systems, which suggests they are looking to make their attacks faster.

Exmatter has been designed to grab specific file types from selected directories and to upload them to attacker-controlled servers before the ransomware itself is executed on the compromised systems.

Compiled as a .NET executable, the tool attempts to hide its window if specific command-line arguments are present. It then collects all drive names and file paths on the system, excluding specific directories, files with specific attributes, and files smaller than 1,024 bytes.
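The collection pattern described above (one process enumerating files across every drive, skipping particular directories and anything under 1,024 bytes) is something defenders can hunt for in file-access telemetry. The following is an added example written for this article, not code from Symantec or from the tool itself: it runs a simple sliding-window heuristic over constructed file-read log lines and flags any process that reads many distinct candidate files spanning several drives in a short interval. The log format, the excluded-directory list, the process names and the thresholds are all assumptions made for the example.

```python
"""
Hunting heuristic for Exmatter-style mass file collection: flag a process that
reads many distinct files of at least 1,024 bytes across several drives within
a short window. Log format, thresholds and process names are constructed here.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-read telemetry in the shape "timestamp|process|path|size_bytes".
SAMPLE_EVENTS = """\
2021-11-01T10:00:01|winword.exe|C:\\Users\\alice\\report.docx|20480
2021-11-01T10:00:05|winword.exe|C:\\Users\\alice\\notes.docx|8192
2021-11-01T10:01:00|collector.exe|C:\\Users\\alice\\q3.xlsx|40960
2021-11-01T10:01:01|collector.exe|C:\\Users\\alice\\contracts.pdf|102400
2021-11-01T10:01:02|collector.exe|C:\\Windows\\System32\\drivers\\etc\\hosts|824
2021-11-01T10:01:03|collector.exe|C:\\Users\\bob\\payroll.xlsx|65536
2021-11-01T10:01:04|collector.exe|D:\\Finance\\budget.xlsx|81920
2021-11-01T10:01:05|collector.exe|D:\\Finance\\forecast.docx|16384
2021-11-01T10:01:06|collector.exe|D:\\Legal\\nda.pdf|900
2021-11-01T10:01:07|collector.exe|D:\\Legal\\merger.docx|204800
2021-11-01T10:30:00|backup.exe|D:\\Finance\\budget.xlsx|81920
2021-11-01T10:30:01|backup.exe|D:\\Finance\\forecast.docx|16384
2021-11-01T10:30:02|backup.exe|D:\\Legal\\merger.docx|204800
2021-11-01T10:30:03|backup.exe|D:\\Legal\\nda_signed.pdf|30720
2021-11-01T10:30:04|backup.exe|D:\\HR\\handbook.pdf|51200
2021-11-01T10:30:05|backup.exe|D:\\HR\\org_chart.xlsx|12288
"""

# Directories excluded from the count to cut noise from OS and software activity.
# The list is an assumption for this example, not the tool's own exclusion list.
EXCLUDED_PREFIXES = ("c:\\windows", "c:\\program files")
MIN_FILE_SIZE = 1024  # the size floor the report attributes to Exmatter


def parse_events(text):
    """Parse pipe-delimited telemetry into (timestamp, process, path, size) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, path, size = line.split("|")
        events.append((datetime.fromisoformat(ts), proc, path, int(size)))
    return events


def drive_of(path):
    """Return the drive letter of a Windows path, or '?' if it has none."""
    return path[0].upper() if len(path) > 1 and path[1] == ":" else "?"


def is_candidate(path, size):
    """Keep only reads that match the collection pattern described in the report."""
    if size < MIN_FILE_SIZE:
        return False
    return not path.lower().startswith(EXCLUDED_PREFIXES)


def find_collectors(text, min_files=5, min_drives=2, window=timedelta(seconds=60)):
    """
    Return {process: {"files": n, "drives": [...]}} for each process that read at
    least `min_files` distinct candidate files spanning at least `min_drives`
    drives within any interval of length `window`. Thresholds are constructed
    defaults; tune them against your own baseline before alerting on them.
    """
    per_process = defaultdict(list)
    for ts, proc, path, size in parse_events(text):
        if is_candidate(path, size):
            per_process[proc].append((ts, path))

    flagged = {}
    for proc, reads in per_process.items():
        reads.sort()
        for i in range(len(reads)):
            paths, drives = set(), set()
            for ts, path in reads[i:]:
                if ts - reads[i][0] > window:
                    break
                paths.add(path)
                drives.add(drive_of(path))
            if len(paths) >= min_files and len(drives) >= min_drives:
                flagged[proc] = {"files": len(paths), "drives": sorted(drives)}
                break
    return flagged


if __name__ == "__main__":
    for proc, info in find_collectors(SAMPLE_EVENTS).items():
        print(f"{proc}: {info['files']} files across drives {info['drives']}")
```

On the constructed sample, only `collector.exe` is flagged: its two small reads (824 and 900 bytes) and the read under `C:\Windows` are discarded, leaving six distinct files across drives C and D inside seven seconds, while `backup.exe` reads just as many files but stays on one drive and `winword.exe` touches only two. The drive-span requirement is what separates a backup or indexing job from a collector sweeping every volume; in a real deployment the lists of known backup and search processes should be excluded explicitly rather than relying on that requirement alone.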

The attackers have been working on refining Exmatter, with multiple variants of the tool observed to date, but with only minor differences between them, Symantec said in a Monday report.

Since July 2021, BlackMatter has been used in attacks on multiple organizations worldwide, including critical infrastructure entities in the United States.

BlackMatter has been linked to the Coreid cybercrime group, which also operated the Darkside ransomware. Over the past 12 months, the group has been engaged in a variety of high-profile attacks, such as the May 2021 assault on Colonial Pipeline.

“Like most ransomware actors, attacks linked to Coreid steal victims’ data and the group then threatens to publish it to further pressure victims into paying the ransom demand. Whether Exmatter is the creation of Coreid itself or one of its affiliates remains to be seen, but its development suggests that data theft and extortion continues to be a core focus of the group,” Symantec concludes.



Written By

Ionut Arghire is an international correspondent for SecurityWeek.
