BlackMatter Ransomware Victims Helped Using Secret Decryptor

Share post:

Emsisoft has been secretly decrypting BlackMatter ransomware victims since the summer thanks to a vulnerability that allows the company to create a descryptor that recover victim’s files without paying a ransom.

Although Emsisoft alerted law enforcement agencies, ransomware negotiation companies, incident response companies, CERTS worldwide, and trusted partners regarding the decryptors, the company refused to make them public to prevent ransomware gangs from fixing the bugs.

Therefore, working quietly with Emsisoft enabled these trusted parties to refer BlackMatter victims to the company to recover their files instead of paying ransom. Apart from referring Emsisoft to victims, Emsisoft also contacted victims who were found through BlackMatter samples and publicly uploaded ransom notes on various websites.

BlackMatter became suspicious and angry with ransomware negotiators, because the victims refused to pay ransom. Later, the gang learned about the decryptor at the end of September and was then able to fix the bugs, which enabled Emsisoft to decrypt the files of the victims. However, victims, who were encrypted before the end of September, can still access Emsisoft via their Ransomware Recovery Service.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs


Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways