"Ransomware Data Theft Tool May Show a Shift in Extortion Tactics"

Exmatter, a data exfiltration malware previously associated with the BlackMatter ransomware group, is now being upgraded with data corruption functionality, which may indicate a new tactic that ransomware affiliates may employ in the future. The new sample was discovered by malware analysts with the Cyderes Special Operations team after a BlackCat ransomware attack. It was then shared with the Stairwell Threat Research team for further analysis. Symantec researchers found a similar sample deployed in a Noberus ransomware attack. Although BlackMatter affiliates have been using Exmatter since at least October 2021, this is the first time the malicious tool has been seen with a destructive module. Using data from one exfiltrated file to corrupt another file could be part of an attempt to avoid detection by ransomware or wiper heuristic-based detection, which could occur when using randomly generated data. This article continues to discuss changes being made to the Exmatter data exfiltration malware. 

Bleeping Computer reports "Ransomware Data Theft Tool May Show a Shift in Extortion Tactic"