The FBI, NSA and CISA explain how to avoid this dangerous ransomware
BlackMatter, ransomware that worries
Of all the ransomware in circulation today, BlackMatter is of particular concern to the FBI, NSA, and CISA. The three agencies have issued a warning that alerts users and explains what they must do to protect themselves against this threat.
The three agencies indicate that this ransomware's activity began last July. It attacks corporate networks in the United States but also in other countries, so this is a global threat. They state that the malware has been responsible for encrypting multiple systems and for ransom demands that reach into the millions of dollars.
They state that this ransomware variant relies on the SMB protocol and takes advantage of built-in credentials, which lets the attackers encrypt a host remotely. BlackMatter also has a version for Linux operating systems that can encrypt VMware ESXi virtual servers, which are common in business environments.
The three agencies also stress an important point: unlike other varieties of ransomware, BlackMatter not only encrypts files but deletes them directly. This is a major problem for companies whose data is vital to their operation.
Recommendations from the FBI, NSA, and CISA to avoid BlackMatter
The FBI, NSA, and CISA have issued a series of recommendations for protecting against this type of ransomware. The advice is similar to what applies to any other threat that could compromise personal data and systems. Keep in mind that a ransomware attack can be quick.
The first and most important recommendation is to take good care of the passwords we use. Passwords are ultimately the main security barrier that keeps attackers from entering our computers and putting personal data at risk. We must always create passwords that are strong and have all the characteristics needed to be reliable.
Beyond using a strong password, consider enabling two-step authentication. It is an extra security barrier that further reduces the risk of an intruder entering our accounts and compromising security.
They also state that one of the most effective defenses against BlackMatter is to keep equipment properly updated, with all available patches installed. This is essential to reduce the risk of an intruder exploiting a vulnerability and putting security at risk.
One more piece of advice from these three agencies for combating BlackMatter is to limit access to resources over the network to only the necessary services and user accounts. In addition, they recommend creating backups on a regular basis to mitigate possible attacks.