BlackMatter Ransomware Victims Helped Using Secret Decryptor

Emsisoft has been secretly decrypting BlackMatter ransomware victims since the summer thanks to a vulnerability that allows the company to create a descryptor that recover victim’s files without paying a ransom.

Although Emsisoft alerted law enforcement agencies, ransomware negotiation companies, incident response companies, CERTS worldwide, and trusted partners regarding the decryptors, the company refused to make them public to prevent ransomware gangs from fixing the bugs.

Therefore, working quietly with Emsisoft enabled these trusted parties to refer BlackMatter victims to the company to recover their files instead of paying ransom. Apart from referring Emsisoft to victims, Emsisoft also contacted victims who were found through BlackMatter samples and publicly uploaded ransom notes on various websites.

BlackMatter became suspicious and angry with ransomware negotiators, because the victims refused to pay ransom. Later, the gang learned about the decryptor at the end of September and was then able to fix the bugs, which enabled Emsisoft to decrypt the files of the victims. However, victims, who were encrypted before the end of September, can still access Emsisoft via their Ransomware Recovery Service.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web