BlackMatter
According to PCrisk, BlackMatter is a piece of malicious software categorized as ransomware. It operates by encrypting data for the purpose of making ransom demands for the decryption tools. In other words, files affected by BlackMatter are rendered inaccessible, and victims are asked to pay to recover access to their data.
During the encryption process, files are appended with an extension consisting of a random character string. For example, a file initially named "1.jpg" would appear as something similar to "1.jpg.k5RO9fVOl". After this process is complete, the ransomware changes the desktop wallpaper and creates a ransom note, "[random_string].README.txt" (e.g., k5RO9fVOl.README.txt).
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 6, 2026 | 2 |
Further Reading
S-RM's incident response team discusses a new variant of data exfiltration malware, Exmatter, being used by a LockBit affiliate, which enables simultaneous remote code execution and data targeting.
With the release of SURGe's new ransomware research, Splunker Shannon Davis shares a closer look into measuring how fast ransomware encrypts files.
Protect your organization with Tesorion's advanced cybersecurity services, including threat detection, incident response, and compliance support.
Plus: Android trojan in 100,000+ app installs, Solaris malware
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are simila...
CISA has issued a security bulletin regarding the BlackMatter 'big game hunter' ransomware group following a sharp increase in cases targeting U.S. businesses. To mitigate these attacks, it is reco...