Skip Navigation
BlackBerry ThreatVector Blog

BlackBerry Prevents: BlackMatter Malware 

First identified in July 2021, BlackMatter is a new player in the Ransomware-as-as-Service (RaaS) arena, which reports have linked to the recent compromise of a major global medical technology provider. Many researchers have drawn similarities between BlackMatter and the recently retired Russian ransomware gang DarkSide. However, a spokesperson for BlackMatter insists they are not the same operators. 

DEMO VIDEO: BlackBerry vs. BlackMatter Malware

BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.

BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are well-equipped to mitigate the risks posed by threat actors: 

  • BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement. 
  • BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.  
  • The BlackBerry® Mobile Threat Defense (MTD) solution prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager (UEM) with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment. 
  • BlackBerry® Persona creates trust based on behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication. 
  • BlackBerry Guard customers are proactively protected from BlackMatter malware attacks. Our 24/7 MDR solution customers receive:  
    • Alerts monitored in real-time  
    • Corrective policies applied while discovering gaps in policy implementation  
    • Prioritized threat hunting  
    • The latest threat intelligence for fast-moving threats  

Prevention First

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain. 

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure. 

BlackBerry Assistance

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. 

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form. 

Learn more about BlackMatter malware in our new deep-dive blog, Threat Thursday: BlackMatter Ransomware-as-a-Service.

Demo Video Transcription

“In this demo, we will see how BlackMatter encrypts a victim’s machine. BlackBerry Optics has been configured in Audit-Only mode and BlackBerry Gateway’s Work Mode has been disabled to allow malware execution and C2 Communication.

Upon execution, BlackMatter loads the required libraries into memory, if required, it will attempt to elevate privileges and bypass UAC, BlackBerry Protect can identify this activity in memory. BlackMatter quickly executes the encryption process and displays the typical wallpaper to inform compromise along with a ransom note with further instructions.

On our console, we can have a better look at what just happened. We can automatically detonate and analyze this file for forensic purposes, by looking at the static analysis, we can identify the libraries loaded, network activity while trying to communicate with its C2, as well as behavioral information like the mutex it creates.

We can conduct root-cause analysis by analyzing its focus data, our EDR collects all the iterations and how it loaded itself into memory. By making an introspection, we get a step-by-step analysis, C2 information is visible, how it deletes multiple services to prevent system recovery and any additional steps taken by this ransomware.

From a Zero Trust Network Access (ZTNA) perspective, this same attack, on a system protected by BlackBerry Gateway, could have been identified and prevented C2 Communication.

Once again, let’s travel back to October 2015, no Internet connectivity, let’s see how our Cylance® AI model can prevent this particular sample. BlackMatter 2.0 is identified in pre-execution in no time.

Now let’s try again with 40 different variants of this ransomware family, we will try to execute them in sequence, one by one. 40 additional samples identified and quarantined in seconds.

As a bonus, we have noticed BlackMatter also has Linux® versions, let’s see if it has a chance against our AI models for Linux. We will copy the file to our test system, our model is able to detect and convict this sample even before we can actually try to execute.

Prevention is possible with BlackBerry.”

The BlackBerry Research & Intelligence Team

About The BlackBerry Research & Intelligence Team

The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.