The ransom pirates REvil and DarkSide are back with a new name and new principles


The disappearance of the world’s most famous ransomware group represented by REvil this month raised many questions and speculations about the reason for the sudden disappearance, after targeting the American software company Kaseya, whose attack led to encrypting and stopping the networks of more than 1,500 companies around the world.

Before that, the destructive DarkSide ransomware group vanished from the dark web after targeting the most important oil pipelines in America, taking millions of dollars in ransom from Colonial Pipeline.

This week, a new ransomware group named BlackMatter appeared, in which the new group project combined the best features of DarkSide, REvil and LockBit, with new professional principles and rules for affiliates.

The group aims to target companies in the United States, Canada, Australia and the United Kingdom only, focusing only on large companies with more than $100 million in annual income.

BlackMatter prohibits its affiliates from targeting hospitals, critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities), oil and gas industry companies (pipelines, oil refineries), the defense industry, non-profit organizations and associations, as well as the government sector.