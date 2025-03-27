Operations of the BlackLock ransomware-as-a-service gang which was poised to be among the most prolific RaaS groups this year despite only emerging last March have been disrupted by Resecurity researchers after exploiting a misconfiguration within the group's data leak site, according to Security Affairs

Abuse of the leak site's local file include flaw exposed BlackLock's clearnet IP addresses associated with its network infrastructure behind TOR hidden services, as well as other server-side service details, reported Resecurity researchers. Further infiltration of BlackLock, also known as El Dorado Ransomware, also uncovered eight MEGA accounts leveraged by the RaaS operation in managing data stolen from its victims, which include IT providers, healthcare organizations, and government entities around the world. BlackLock has also been associated with the Mamona ransomware gang, which has also shut down operations. However, the DragonForce ransomware gang has picked up the slack, with researchers expecting the group to soon include BlackLock's affiliates.