CISA, FBI and NSA release advisory related to BlackMatter Ransomware
On October 18, 2021, CISA, the FBI and the NSA released Alert (AA21-291A) to provide updates and additional information related to BlackMatter ransomware. BlackMatter was first discovered in July 2021 and has been primarily targeting US critical infrastructure and Federal agencies. The attack leverages previously compromised credentials and uses LDAP and SMB to access the Active Directory service, which it uses to map and enumerate all potential hosts in the network. Once the hosts are identified, all available hosts and shared drives are encrypted, and the data is also exfiltrated. The report outlines multiple recommendations to prevent this malware from launching successfully, including implementing multifactor authentication, deploying signature detection services and developing network segmentation architectures. The report and recommendations are published in Alert AA21-291A.