There are many security threats on the Internet. Many types of viruses, and malware in general, can compromise our systems, steal passwords or allow an intruder to access confidential content. However, one of the most important problems is ransomware. In this article we echo the warning that the FBI, NSA and CISA have issued about the BlackMatter ransomware and explain how to stay protected.
BlackMatter, a worrying ransomware
Among all the ransomware currently out there, BlackMatter is of particular concern to the FBI, NSA and CISA. In fact, they have issued a warning alerting users and explaining what they must do to be protected against this serious threat.
The three agencies have indicated that the activity of this ransomware began last July. It attacks corporate networks in the United States, but also in other countries, so we are facing a global threat. They state that this malware has been responsible for encrypting multiple systems and demanding ransoms that even reach millions of dollars.
They indicate that this ransomware variant relies on the SMB protocol and takes advantage of built-in credentials. In this way the attackers can encrypt the host remotely. In addition, BlackMatter also has a version for Linux operating systems, so it can encrypt VMware ESXi virtual servers. These servers are common in business environments.
The three agencies also send out an important message: unlike other varieties of ransomware, BlackMatter not only encrypts files, but deletes them directly. This is a major problem for companies that may hold data that is relevant and vital to their operation.
Recommendations from the FBI, NSA and CISA to avoid BlackMatter
The FBI, NSA and CISA have published a series of recommendations to be protected against this type of ransomware. The advice is actually similar to that for any other threat that could compromise our personal data and systems. Keep in mind that a ransomware attack can be quick.
The first and most important thing they recommend is to take good care of the passwords we use. Ultimately, they are the main security barrier that can prevent attackers from entering our computers and putting personal data at risk. We must always create passwords that are strong and have all the essential characteristics to be reliable.
Beyond using a secure password, another point to take into account is the possibility of activating two-step authentication. It is an extra security barrier that can further reduce the risk of an intruder entering our accounts and compromising security.
On the other hand, they state that one of the most effective methods against BlackMatter is to keep computers correctly updated, with all kinds of patches installed. This is essential to reduce the risk of an intruder exploiting a vulnerability and putting security at risk.
One more piece of advice issued by these three agencies to combat BlackMatter is to limit access to resources over the network to only the necessary services and user accounts. In addition, they recommend creating backups periodically to mitigate possible attacks.