06-04, 15:30–16:00 (US/Eastern), Grand Salon
Ransomware, and malware as a whole, does not exist in a vacuum; it is often developed to accomplish a goal, whether to further an espionage campaign or for monetary gain. Ransomware, in particular, is a fast-moving landscape driven by an intricate web of operators, tools and mystery. BlackMatter ransomware emerged in July 2021 as the successor to DarkSide ransomware, only to be shut down a few short months later...or was it? Besides amassing a large portfolio of victims, the BlackMatter operators released several versions of the ransomware. Recorded Future was the first to openly publish technical details on BlackMatter, as well as interview the ransomware operators themselves. In this session, we will take you through our discovery of the BlackMatter ransomware group and its evolution through the shutdown as well as provide a technical deep dive on the Windows, PowerShell and Linux ransomware itself. We will also address how this evolution trend shows up in the larger ransomware operator landscape, especially among sophisticated actors.
This talk will be a combined technical discussion of the malware and its evolution as well as the dark web aspects of the RaaS and how it has evolved to new groups.
James Niven is a Principal Threat Researcher at Recorded Future that focuses on Russian based ransomware.
Lindsay Kaye is the Director of Operational Outcomes for Insikt Group at Recorded Future. Her primary focus is driving the creation of actionable technical intelligence - providing endpoint, network and other detections that can be used to detect technical threats to organizational systems. Lindsay’s technical specialty and passion is malware analysis and reverse engineering. She received a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.