The BlackMatter ransomware collective announced Wednesday the closure of their operations, effective November 5. In the blog post, BlackMatter claimed that some of its key members are no longer “available,” which, if true, could be an indication that BlackMatter-affiliated threat actors may have been compromised or made the decision to no longer partake in ransomware activities.
However, it’s important to note that when a ransomware collective goes dark—such as the apparent case here with BlackMatter, or with REvil—it doesn’t necessarily mean that the threat actors associated with the group will cease future illicit cybercrime activities.
This news announcement comes on the heels of a major Europol operation in Switzerland and Ukraine, conducted in concert with US law enforcement, in which 12 people accused of running ransomware operations were targeted in raids on October 29. The targets reportedly had more than 1,800 victims in 71 countries.