BlackLock Hackers Hacked

Last year, researchers at Resecurity identified a weakness in BlackLock's Data Leak Site (DLS), which gave them a way to monitor the criminal group’s network infrastructure and identify specific activity logs, hosting providers, and linked MEGA accounts used to store the data of its victims.

Now, Resecurity has used a vulnerability in the Dark Web site of the ransomware criminal group BlackLock to gather and review data about BlackLock’s planned attacks.

Known as BlackLock, El Dorado or Eldorado, the ransomware-as-a-service (RaaS) group began in March 2024. In the last quarter of 2024 it increased its number of data leak posts by 1,425% quarter-on-quarter.

This relatively new ransomware service group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025.

Earlier this year, Resecurity contacted the Canadian Centre for Cyber Security to share what it had learned about a planned data release from a Canada-based victim, 13 days before its publication by BlackLock. Operations hit were based in Argentina, Aruba, Brazil, Canada, Congo, Croatia, Peru, France, Italy, Spain, the Netherlands, the US, the UK and the UAE.

Resecurity says that BlackLock has probably attacked many more victims than is currently known, and many could still be dealing with the problems.

A misconfiguration in BlackLock's website let the researchers in, and they were then able to access clearnet IP addresses related to the ransomware group's network infrastructure. By exploiting a Local File Include (LFI) vulnerability, in which a user tricks an application into exposing files stored on a given server, the researchers were able to gather BlackLock config files and credentials. "The acquired history of commands was probably one of the biggest OPSEC failures of Blacklock Ransomware," said the researchers. "The collected artifacts included copy-pasted credentials the key actor managing the server used and a detailed chronology of victims’ data publication."
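The LFI class described above comes down to a file path built from user input without a containment check. As an added illustration (not code from Resecurity or from the site in question), the sketch below contrasts an unchecked path join with a resolver that canonicalises the path and rejects anything outside the content root; the directory layout, file names and function names are constructed for the example.

```python
import os
import tempfile

class PathEscapesRoot(Exception):
    """Raised when a requested name resolves outside the content root."""

def resolve_unsafe(root, name):
    # Vulnerable pattern: user input joined to the root with no check, so
    # "../" segments or an absolute path select any file the process can read.
    return os.path.join(root, name)

def resolve_contained(root, name):
    # Canonicalise first (collapses "..", follows symlinks), then require
    # the result to stay under the canonical root.
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PathEscapesRoot(name)
    return target

def demo():
    # Constructed layout: a web root plus a sibling file standing in for
    # an operator's shell history (contents are placeholders).
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "www")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>ok</h1>")
    history = os.path.join(base, ".bash_history")
    with open(history, "w") as f:
        f.write("placeholder command history\n")

    results = {}
    for label, name in [("index.html", "index.html"),
                        ("../.bash_history", "../.bash_history"),
                        ("<absolute>", history)]:
        # Does the unchecked join end up pointing at the history file?
        unsafe_hits = os.path.realpath(resolve_unsafe(root, name)) == history
        try:
            resolve_contained(root, name)
            outcome = "served"
        except PathEscapesRoot:
            outcome = "rejected"
        results[label] = (unsafe_hits, outcome)
    return results

if __name__ == "__main__":
    for label, row in demo().items():
        print(label, row)
```

Containment limits what a file-serving bug can reach; keeping credentials out of shell history and config files readable by the web process limits what is there to find.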

Resecurity believes that it's done enough damage to BlackLock to make sure that it can't recover, with its reputation amongst cybercriminal affiliates now critically undermined.

BlackLock was using the file-sharing service MEGA to store and transfer stolen data, and Resecurity was able to identify eight distinct email addresses associated with the MEGA folders. The researchers suggest that this might indicate some sort of co-operation, or conversely a take-over by DragonForce. “It seems DragonForce wanted to shame the group and compromise their operations to eliminate competitors. On the other hand, such tactics could also be used as a ‘false flag’ to further transition to a new project,” Resecurity said.

"It is unclear if BlackLock ransomware started cooperating with DragonForce ransomware or silently transitioned under the new ownership. The new masters likely took over the project and their affiliate base because of ransomware market consolidation, understanding their previous successors could be compromised," Resecurity concludes.

Resecurity   |  Tripwire   |   ITPro   |   Infosecurity Magazine   |   The Register   |   SC Magazine
