Ransomware – Our new campaign
BlackMatter is a new ransomware threat that was found in late July of this year. Despite having been around for such a short time, BlackMatter has already been held responsible for a number of ransomware attacks, including its most high-profile attack, on the multinational tech company Olympus.
Investigating BlackMatter with BlackBerry Protect
At Ignition, we ran internal tests to see just how effective BlackBerry’s AI-Driven anti-malware solution, BlackBerry Protect, would be at stopping this latest threat. A sample of the malware (SHA-256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6) was found online on a reputable malware repository site, and then run through a number of tests.
The first test ran BlackMatter against the latest stable version of BlackBerry Protect. The second test used the same version of BlackBerry Protect, but after it had been put in offline mode through lack of network connectivity. The third and final test pitted BlackMatter ransomware against a 26-month-old version of BlackBerry Protect that had not been updated, released a whole two years before BlackMatter was first seen in the wild. In all three tests, the ransomware executable was downloaded onto a local machine, and in all three tests BlackBerry Protect was able to scan and swiftly quarantine the ransomware file, proving the high efficacy of BlackBerry Protect and its ability to quarantine threats that have never been seen before.
Measuring the effectiveness of BlackBerry Protect
The effectiveness of BlackBerry Protect comes largely from the fact that it is completely non-reliant upon signatures, instead using its market-leading Artificial Intelligence (AI) engine to understand how an executable file is structured and what purpose the file serves. This is why the older BlackBerry Protect agent was able to quarantine the ransomware: the agent didn’t have to rely upon the file having already been seen, and thus a signature having been written for it. It was able to make a decision based on the make-up of the file itself. Another point observed during testing was the ability of BlackBerry Protect to work offline. The AI engine responsible for categorising a file sits locally on the endpoint, meaning that even if network connectivity is lost, the BlackBerry Protect agent and its features are not affected.
BlackMatter vs BlackBerry Protect Summary
Critics may argue that ransomware strains such as BlackMatter have many variations and that such testing therefore proves little. But, as alluded to before, the predictive ML-built analysis of BlackBerry Protect means it is able to protect against variations never seen anywhere before, providing true zero-day protection.
Take A Closer Look At BlackBerry Protect
Do you want to find out more about BlackBerry Protect? Get in touch with the Ignition Technology BlackBerry team at blackberry@ignition-technology.com, or visit the website for more information and resources.