Summary: Resecurity has uncovered a Local File Include (LFI) vulnerability in the Data Leak Site (DLS) utilized by BlackLock Ransomware, enabling the exposure of sensitive operational data and IP addresses. This revelation assists in the investigation and disruption of the ransomware activity, which has rapidly grown, becoming increasingly aggressive with a significant rise in data leak incidents. The affected organizations span multiple sectors and countries, highlighting the extensive reach of BlackLock’s operations.
Affected: BlackLock Ransomware and its victims (various organizations worldwide)
Keypoints :
- Identified LFI vulnerability exploited through a misconfigured web application.
- Information disclosure led to the uncovering of critical details regarding threat actor operations and infrastructure.
- Resecurity has documented a rapid growth in BlackLock Ransomware’s activities, indicating a potential threat to various sectors.
- Links to additional ransomware groups, with indications of a possible transition to DragonForce amidst the downfall of BlackLock and Mamona.