There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims
The BlackLock ransomware group has become one of the most prolific operators in the
Ransomware as a Service (RaaS) ecosystem, with experts warning it could accelerate its growth over the next year.
Also known as El Dorado, BlackLock was ranked as the the seventh most active ransomware group based on the number of posts on its
data leak site by the end of 2024, marking a 1,425% growth from Q3.
Security firm
ReliaQuest recently published
research on the group and its rise to prominence, detailing its TTPs and why the operation has seen so much success in recent years.
The group were among the top three most active collectives on the
RAMP forum, whose community listed BlackLock among the top ransomware operators in terms of their reputation on the site.
Reliaquest noted that BlackLock’s rise has been both “swift and strategic” and predicted that if the group’s activity continues at this pace it will go on to become the
most active ransomware group in 2025.
The group is known to use
double extortion tactics whereby they encrypt data while also stealing sensitive information, hoping to exert more pressure on victims with the potential threat of exposing the stolen information.
Its ransomware is custom-built to target
Windows,
VMWare ESXi, and
Linux environments, although Reliquest noted that the Linux variant is less mature than its Windows counterpart.
www.itpro.com
