An official at the Cybersecurity and Infrastructure Security Agency (CISA) is applauding the work of a private cybersecurity firm that, in collaboration with CISA, helped victims of the BlackMatter ransomware group, according to a new report from the New York Times.
At the center of the report is New Zealand cybersecurity firm Emsisoft, which worked with CISA and other agencies to help victims of the ransomware group decrypt and regain access to their data without the group’s knowledge.
Eric Goldstein, CISA’s executive assistant director for cybersecurity, is quoted in the story as calling the effort a “model for public and private collaboration,” according to the New York Times. He also said CISA is working on a “whole-of-nation” plan to protect the nation and critical infrastructure from cyber threats.
“This type of collaboration is exactly why CISA created the Joint Cyber Defense Collaborative, which partners the Federal government with industry to identify threats and build collective resilience,” CISA said in a media release about the story.
CISA also noted in the release that the operation “highlighted one of CISA’s key priorities in action: operational collaboration with the private sector.”
CISA recently released a joint cyber advisory about the BlackMatter ransomware group, calling it a potential rebranding of the DarkSide ransomware group that was responsible for the Colonial Pipeline ransomware attack.
Another Ransomware Win
Additionally, Reuters reported on Oct. 21 on a multi-government operation that managed to knock Russian ransomware group REvil offline.
The group’s site disappeared in July after the group was named responsible for the widespread ransomware attack on software company Kaseya. A House Oversight request for a hearing on the FBI’s handling of the matter cited prior reporting that this was a tactical disappearance rather than a government operation such as this one.
According to Reuters, when the ransomware group restarted operations, it rebooted some of the systems that the government had already gained access to.