cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

CISA, FBI, NSA release BlackMatter ransomware advisory

The US agencies have jointly published new analysis regarding the growing threat posed by BlackMatter ransomware to critical infrastructure.

user iconReporter
Tue, 19 Oct 2021
CISA, FBI, NSA release BlackMatter ransomware advisory
expand image

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have published a cyber security advisory relating to BlackMatter intrusions targeting US critical infrastructure entities, including two US food and agriculture sector organisations.

BlackMatter – a ransomware-as-a-service (RaaS) tool – has been leveraged by malicious actors with embedded, previously compromised credentials, enabling them to access networks and remotely encrypt hosts and shared drives.

Once accessing a network, cyber criminals wiped or reformatted the data, which has not been stored in a secondary location.


The advisory, available on Stopransomware.gov, provides technical insight into the threat, drawing from samples of BlackMatter ransomware and information from trusted third parties

The publication also offers a range of mitigation strategies that can be employed by stakeholders, which include:

  • implementing and enforcing backup procedures;
  • using strong, unique passwords;
  • using multi-factor authentication; and
  • implementing network segmentation and traversal monitoring.

“This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” Eric Goldstein, executive assistant director for cyber security, CISA, said.

“CISA, FBI and NSA are taking every step possible to try to make it harder for cyber criminals to operate. Americans can help us in this long-term endeavour by visiting Stopransomware.gov to learn how to reduce their risk of becoming a victim of ransomware.”

Bryan Vorndran, assistant director of the FBI's Cyber Division, urged stakeholders to report cyber attacks, which he said have been underreported.

“By reporting a cyber incident, targeted entities are enhancing our ability to respond and investigate with the goal of disrupting cyber criminal operations,” he said.

“We will continue to leverage our unique authorities and capabilities to protect the American people from this threat; however, we cannot accomplish this alone.

“We remain committed to providing the public and our private sector partners with information that will bolster their ability to decrease vulnerabilities and increase awareness of potential exploits."

Rob Joyce, director of cyber security at NSA, stressed that ransomware attacks are no longer isolated incidents affecting targeted companies, but have “risen to a national security issue”.

“NSA’s technical skills and threat intelligence will continue to support our partners across government and industry to degrade adversary footholds into networks where they launch ransomware,” Joyce added.

“Employing the mitigations in the joint advisory with CISA and FBI will protect networks and mitigate the risk against BlackMatter and other ransomware attacks.”

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.