Marketron marketing services hit by Blackmatter ransomware

BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry.

Marketron provides cloud-based revenue and traffic management tools for broadcast and media organizations. It specializes in revenue management and audience engagement, handling advertising revenue of $5 billion every year.

In talks with BlackMatter ransomware

Marketron customers learned of the incident in an email on Sunday night from the company CEO, Jim Howard, who said that “the Russian criminal organization BlackMatter” was responsible for the attack.

This would be the second ransomware attack over the past weekend claimed by the BlackMatter, as the gang also breached the NEW Cooperative U.S. farmers organization, and demanded a $5.9 million ransom.

Howard is apologetic in his email to customers, saying that they do not know how the hackers breached the network since the company made significant investments recently in cybersecurity implementations designed to protect from intruders.

“This issue comes despite significant recent investments in separating backup and disaster recovery in different physical and network environments, instituting ‘zero trust’ access management policies, and new security detection and recovery tools” – Jim Howard, Marketron CEO

Howard also says that the company was communicating with the hackers as well as the Federal Bureau of Investigation (FBI) and that all efforts are towards restoring the systems as quickly as possible.

All services down

On Monday, Marketron announced the incident saying that it was dealing with a “cyber event” that disrupted some of its business operations and impacted all its customers.

“Currently, all Marketron services are offline,” the company announced, adding that the attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange, and Advertiser Portal services.

RadioTraffic and RepPak services were still standing but the company took them offline as a precaution. The only platforms that remained online were Pitch, Email Marketing, and Mobile Messaging.

Bo Bandy, Marketron’s VP of Marketing, disclosed the issues publicly on Monday saying that third-party forensic investigators were working “to understand the full nature and scope of the event, determine root cause, and to ensure the integrity, safety, and security of our systems and data.”

“We are unable to confirm the root cause of the event at this time and this investigation is very much on-going” – Bo Bandy, Marketron VP of Marketing

Bandy told BleepingComputer that the company discovered the attack and acted “to notify law enforcement, secure our systems and information, and contain the event.”

The BlackMatter ransomware is believed to be a rebrand of the DarkSide ransomware operation, which shut down after attacking Colonial Pipeline in May.

The gang has been highly active, hitting more than a dozen organizations this month alone. Its latest victims count organization such as:

• a wine and spirits company
• an investment banking services provider in the U.S.
• a vendor of citrus juicing equipment in Austria
• a maker of drilling and foundation equipment in Italy
• Japanese technology giant Olympus
• a US-based construction company
• a unified communications company in the UK