Currently, it is unclear if Haron and BlackMatter ransomware gangs have been started by now-defunct REvil and DarkSide ransomware operators.
Not so long ago, we saw the disappearance of the DarkSide ransomware group after their attacks on US Pipelines. Afterward, just recently, the REvil group also disappeared following intense pressure by the US government after they attacked IT firms across the United States.
Yet, to make up for their absence, two new ransomware groups have appeared adding to the Ransomware as a Service (RaaS) frenzy.
Named Haron and BlackMatter, the ransomware groups are believed to be eyeing profitable targets which mean businesses certainly won’t be safe.
Talking about Haron, a sample of it was first discovered on VirusTotal on the 19th of July which was termed by S2W Lab researchers as being similar to the Avaddon ransomware. This attribution was because of the similarity found in their ransom messages, websites, and other content publicly available.
However, it is using the C# language which according to the researchers is used by the Thanos ransomware which is already public. The fact that a public version of another ransomware is being used hints at the notion that the Haron group isn’t very skilled considering they did not develop their custom code.
On the other hand, the BlackMatter ransomware group has announced that it would not target the defense industry, non-profit organizations, hospitals, and government agencies.
This is similar to the stance other groups before it took such as DarkSide. Additionally, the group has also laid out its target preferences in a public message as shown below:
As seen in the above screenshot, the group is letting others know of their potential purchase price for such access which goes from $3000 to $100,000.
To conclude, currently, we do not know for sure if these 2 groups have been started by the same cybercriminals from previous ransomware groups. It is only speculative at this point seeing their similarities but it wouldn’t be surprising considering that it has happened in the past.