Detecting BlackMatter ransomware
BlackMatter ransomware campaigns combine ransomware payloads with data exfiltration. Malicious actors demand a ransom payment for the data and threaten to delete and expose the exfiltrated data.
You are an analyst responsible for your organization's overall security posture. You need to be able to detect and investigate unusual activities that might relate to BlackMatter ransomware. These searches will help you detect and investigate these infections.
Required data
How to use Splunk software for this use case
Next steps
In addition, these Splunk resources might help you understand and implement this use case: