From BlackMatter to BlackCat: Analyzing 2 attacks from 1 affiliate
BlackCat is a growing ransomware-as-a-service (RaaS) group that is said to be connected to the BlackMatter/DarkSide ransomware groups, infamous for attacking the Colonial Pipeline last year. In this presentation we will focus on the techniques and tools used by what we believe is an affiliate of both BlackCat and BlackMatter, describe how a BlackCat attack was carried out, and show how we can connect it to a previous BlackMatter attack. Understanding and keeping up with the techniques and tools used by RaaS affiliates is key to protecting against ransomware attacks, because this affiliate activity takes place before the actual ransomware is executed, frequently several days before.