Ransomware Expert Offer Insights On BlackMatter Data Exfiltration Tool

BACKGROUND:

The ransomware group BlackMatter has developed a custom data exfiltration tool, dubbed Exmatter, that allows operators to easily target data of value, suggesting that they are looking to make their attacks faster. 

Experts Comments

November 03, 2021
Dr. Darren Williams
Founder and CEO
BlackFog

It’s not surprising that they are focusing specifically on extracting data, given these are ultimately the crown jewels of any organization from customer data to trade secrets and employee information. Any data that can be used for extortion is fair game and so it makes sense to focus on this from the attacker’s perspective. The approach is not really new though – most ransomware uses some form of exfiltration already, they just use different approaches to do this. This particular example

.....Read More

It’s not surprising that they are focusing specifically on extracting data, given these are ultimately the crown jewels of any organization from customer data to trade secrets and employee information. Any data that can be used for extortion is fair game and so it makes sense to focus on this from the attacker’s perspective. The approach is not really new though – most ransomware uses some form of exfiltration already, they just use different approaches to do this. This particular example is exfiltrating the data before putting up a paywall, which is a different sequence than we typically see. I am not sure I would say it is more dangerous than any others though, just a slightly different approach. 

The lack of repercussions and danger associated with ransomware continues to attract new entrants on a daily basis. There are virtually no barriers to entry and it is very easy to work with many of these gangs and utilize their technologies, so the attacks will only continue to grow.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.