According to researchers, disappeared ransomware groups DarkSide and REvil have simply rebranded as Haron and BlackMatter. The two ransomware groups took down their leak sites and forums, going dark over the past several months. However, researchers claim that Haron and BlackMatter contain many of the hallmarks of the formerly active hacking groups. Both of the groups are focusing on wealthy targets who will be able to pay ransoms of millions of dollars. Like DarkSide, they’re also exhibiting some virtue signaling such as language about sparing hospitals, nonprofits, and critical infrastructure.
BlackMatter also promised free decryption in the event that the company accidentally affects the previously mentioned areas. The first sample of the Haron malware was submitted to VirusTotal, a South Korean cybersecurity firm. The firm found that there were several similarities between Haron and Avaddon, a prolific ransomware-as-a-service provider that disappeared in June. Avaddon released decryption keys and walked away from the ransomware-as-a-service arena. However, the appearance of the Haron malware may indicate that the group never halted its activities at all.
Read More: BlackMatter & Haron, Evil Ransomware Newborns or Rebirths