BlackLock Hackers Hacked

Last year, researchers at Resecurity identified a weakness in BlackLock's Data Leak Site (DLS), which gave them a way to monitor the criminal group’s network infrastructure and identify specific activity logs, hosting providers, and linked MEGA accounts used to store the data of its victims.

Now, Resecurity has used a vulnerability in the Dark Web site of the ransomware criminal group BlackLock to gather and review data about BlackLock’s planned attacks.

Known as BlackLock, El Dorado or Eldorado, the ransomware-as-a-service (RaaS) group began in March 2024. In the last quarter of 2024 it increased its number of data leak posts by 1,425% quarter-on-quarter.

This relatively new ransomware service group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025.

Earlier this year, Resecurity contacted the Canadian Centre for Cyber Security to share what it had learned about a planned data release from a Canada-based victim, 13 days before its publication by BlackLock. Operations hit were based in Argentina, Aruba, Brazil, Canada, Congo, Croatia, Peru, France, Italy, Spain, the Netherlands, the US, the UK and the UAE.

Resecurity says that BlackLock has probably attacked many more victims than is currently known, many of whom could still be dealing with the problems.

A misconfiguration in BlackLock's website let the researchers in, and they were then able to access clearnet IP addresses related to the ransomware group's network infrastructure. By exploiting a Local File Include (LFI) vulnerability, in which a user tricks an application into exposing files stored on a given server, the researchers were able to gather BlackLock config files and credentials. "The acquired history of commands was probably one of the biggest OPSEC failures of Blacklock Ransomware," said the researchers. "The collected artifacts included copy-pasted credentials the key actor managing the server used and a detailed chronology of victims’ data publication."

Resecurity believes that it's done enough damage to BlackLock to make sure that it can't recover, with its reputation amongst cybercriminal affiliates now critically undermined.

BlackLock was using file sharing service MEGA to store and transfer stolen data and Resecurity was able to identify eight distinct email addresses associated with the MEGA folders. The researchers suggest that this might indicate some sort of co-operation, or conversely a take-over by DragonForce. “It seems DragonForce wanted to shame the group and compromise their operations to eliminate competitors. On the other hand, such tactics could also be used as a ‘false flag’ to further transition to a new project,” Resecurity said.

"It is unclear if BlackLock ransomware started cooperating with DragonForce ransomware or silently transitioned under the new ownership. The new masters likely took over the project and their affiliate base because of ransomware market consolidation, understanding their previous successors could be compromised," Resecurity concludes.

Resecurity   |  Tripwire   |   ITPro   |   Infosecurity Magazine   |   The Register   |   SC Magazine

Image: TSD Studio 
