It is now well known that Revil and DarkSide, some of the famous and notorious ransomware gangs, have allegedly stopped its task and left the ransomware group. Interestingly, new ransomware gangs are now claiming to be the successor of these two gangs.
After the disappearance of the two ransomware gangs, that emergence of new ransomware gangs has left the question of possible rebranding. The new gang named BlackMatter is also looking for affiliates. They have also posted advertisements on two of the forums of cybercrime.
Connection with REvil
Some of the targeting rules that are followed by BlackMatter are similar to those claimed by REvil. Rules like not targeting the healthcare sector and the government and nonprofit facilities.
Also, they make use of the same tactics that REvil used, and the Windows registry key of REvil was labelled BlackLivesMatter.
These facts do point towards the possibility that REvil may not have retired completely, rather they took a small break from the attacks, although we cannot disregard the possibility that the new BlackMatter ransomware are simply copying the REvil intentionally to gain credibility easily and fast.
Connection to the DarkSide-
The leak site of BlackMatter is uncannily similar to the leak site of the DarkSide, which is currently defunct. Also they said that they would not attack any critical infrastructure.
Conclusion-
There is no concrete evidence of the connection between the gangs. To fill up the voids created by the silencing of the two gangs, new ransomware gangs are emerging.
