BlackLock Hackers Hacked

Uploaded on 2025-04-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Last year researchers Resecurity identified a weakness in BlackLock's Data Leak Site (DLS), which gave them a way to monitor the criminal group’s network infrastructure and identify specific activity logs, hosting providers, and linked MEGA accounts used to store the data of its victims.

Now, Resecurity have used a vulnerability in the Dark Web site of a ransomware criminal group BlackLock to gather and review data about BlackLock’s planned attacks.

Named BlackLock or El Dorado or Eldorado, the ransomware-as-a-service (RaaS) group began in March 2024. In the last quarter of 2024 it increased its number of data leak posts by 1,425% quarter-on-quarter. 

This relatively new ransomware service group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025.

Earlier this year, Resecurity contacted the Canadian Centre for Cyber Security to share what it had learned about a planned data release from a Canada-based victim, 13 days before its publication by BlackLock. Operations hit were based in Argentina, Aruba, Brazil, Canada, Congo, Croatia, Peru, France, Italy, Spain, the Netherlands, the US, the UK and the UAE.

Resecurity says that BlackLock has probably attacked many more victims than is currently known, many could still be dealing with the problems.

There was a misconfiguration problem in BlackLock's website that allowed the researchers in and who were then able to access clearnet IP addresses related to the ransomware group's network infrastructure. By exploiting a Local File Include (LFI) vulnerability, in which a user tricks an application to expose files stored on a given server, the researchers were able to gather BlackLock config files and credentials. "The acquired history of commands was probably one of the biggest OPSEC failures of Blacklock Ransomware," said the researchers. "The collected artifacts included copy-pasted credentials the key actor managing the server used and a detailed chronology of victims’ data publication."

Resecurity believes that it's done enough damage to BlackLock to make sure that it can't recover, with its reputation amongst cybercriminal affiliates now critically undermined.

BlackLock was using file sharing service MEGA to store and transfer stolen data and Resecurity was able to identify eight distinct email addresses associated with the MEGA folders. The researchers suggest that this might indicate some sort of co-operation, or conversely a take-over by DragonForce. “It seems DragonForce wanted to shame the group and compromise their operations to eliminate competitors. On the other hand, such tactics could also be used as a ‘false flag’ to further transition to a new project,” Resecurity said.

"It is unclear if BlackLock ransomware started cooperating with DragonForce ransomware or silently transitioned under the new ownership.. The new masters likely took over the project and their affiliate base because of ransomware market consolidation, understanding their previous successors could be compromised, said Resecurity." Resecurity conclude. 

Resecurity   |  Tripwire   |   ITPro   |   Infosecurity Magazine   |   The Register   |   SC Magazine

Image: TSD Studio 

You Might Also Read: 

Essential Strategies To Prevent Ransomware Attacks:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Q-Day Could Lead To Hacking Nuclear Weapons
China Presents The Top Cyber & Military Challenge »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

AKS iQ

AKS iQ

AKS iQ leads the RegTech sector with AI, automating regulatory compliance in the banking industry and ensuring paperless TBML and CFT adherence in finance.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.

Anjolen

Anjolen

Anjolen provides expertise in cybersecurity, compliance and cyber forensic services.

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.