Based on their homepage, BlackMatter will not attack hospitals, critical infrastructure facilities, defense industry, non-profit organizations, and government entities. This proclamation is similar to DarkSide’s, however, DarkSide’s attack on the Colonial Pipeline proved their statement to be false. If BlackMatter claims their ransomware is more advanced than REvil, DarkSide, and Lockbit, then they pose a huge threat to any organization. While relatively new, BlackMatter has already breached three entities and posted information on their blog page. Considering how quickly they have acted, it is evident BlackMatter is an experienced group, thus, fueling the belief that they are DarkSide rebranded.
It remains unclear the relationship between BlackMatter and its predecessors DarkSide and REvil. While the BlackMatter spokesperson claims that they are not DarkSide rebranded, there is evidence of similarity between the two such as the webpage design and their proclamation of entities that they will not attack. BlackMatter representative’s claim of not being DarkSide rebranded is also questionable based on the fact that it is difficult to believe the developers of DarkSide, REvil, and LockBit would share their precious source code. Whether or not they are a new group, DarkSide rebranded, or a team-up of DarkSide and REvil, BlackMatter will without a doubt pose a threat to many organizations.