CISA-FBI-NSA warning: DARKSIDE is BACK!

19 Oct 2021 11:00 AM | Anonymous member (Administrator)

The ransomware-as-a-service group responsible for the Colonial Pipeline attack is back as BlackMatter (Threatpost article). Starting in September with a $5.9 million attack on the Iowa Farm Cooperative, they moved to tech company Olympus in October. Strong passwords, multi-factor authentication (MFA), network segmentation, and least-privilege access are all recommended to help mitigate the spread. CISA: "Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) protocol to access the Active Directory (AD) to discover all hosts on the network. BlackMatter then remotely encrypts the hosts and shared drives as they are found."

Click here for a PDF version of the CISA report.

#infrastructure #cybersecurity
