Summary: Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing significant operational security flaws and exposing data linked to its activities. A critical vulnerability was identified in their Data Leak Site (DLS), allowing access to sensitive configuration files and command histories. This incident highlights the increasing complexity of ransomware operations and their interconnections in the underground economy.
Affected: BlackLock Ransomware Group, various organizations globally
Keypoints:
- Resecurity uncovered a local file inclusion (LFI) vulnerability in BlackLock's DLS, leading to the exposure of sensitive information.
- BlackLock, a rebranded strain initially derived from Eldorado, is targeting numerous sectors with at least 46 listed victims globally.
- The DLS was reportedly defaced by rival group DragonForce, suggesting possible collaboration or takeover between the two organizations.
Source: https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html