BlackLock’s Dirty Secrets Exposed After Researchers “Hack the Hackers”

Cybersecurity researchers hacked into the systems of a ransomware group called BlackLock. This rare case of “hacking the hackers” exposed how the criminals operate. The breach revealed key details about their infrastructure, methods, and major mistakes.

Hackers Get Hacked: BlackLock’s Operations Revealed

The breakthrough came when Resecurity, a cybersecurity firm, found a flaw in BlackLock’s data leak site (DLS). The group used this site to publish stolen data and pressure victims to pay ransoms. However, due to a mistake in the site’s setup, researchers accessed sensitive files, login details, and even a full list of commands used by the hackers.

The flaw, called a local file inclusion (LFI) bug, let researchers trick the server into showing hidden information. It was a huge mistake by BlackLock. It revealed their real-world systems and exposed their secrets.

BlackLock’s Dirty Secrets: How the Ransomware Group Operates

The leak revealed some startling information about BlackLock’s tactics and tools. The hackers used MEGA, a popular cloud storage service, to move stolen data. Shockingly, they installed the MEGA app on victims’ systems to speed up the transfer.

BlackLock made at least eight MEGA accounts using temporary emails from YOPmail. These throwaway emails helped them stay hidden while storing stolen data online.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

The hackers used a tool called Rclone to steal data automatically. Rclone is a legit program for cloud storage. However, BlackLock misused it to quickly move large amounts of stolen data.

While analyzing BlackLock’s source code, researchers found similarities with another ransomware strain called DragonForce. Interestingly, although DragonForce is written in Visual C++, BlackLock uses Go—but the ransom notes and parts of the code were strikingly similar.

Ransomware Rivalry: BlackLock Defaced by DragonForce

In a strange twist, BlackLock was hacked by another group. On March 20, 2025, their data leak site was defaced by DragonForce. The rival group likely used the same flaw or a similar one. They leaked BlackLock’s chats and files on their public website.

Even more surprisingly, Mamona, another ransomware project linked to BlackLock, suffered a similar fate. On March 19, Mamona’s DLS was also defaced.

Medusa Ransomware Crisis: 300 Major Organizations Under Siege

The attack made people wonder if BlackLock and DragonForce were working together. Some experts thought DragonForce may have taken over BlackLock’s operations. Others believed BlackLock gave up control after realizing they were hacked.

The group’s main hacker, known as $$$, did not seem surprised after BlackLock and Mamona were attacked. This made researchers think he may have expected the hit. They believed he left the project quietly before it collapsed.

The Bigger Picture: BlackLock’s Global Impact

Before being exposed, BlackLock had become one of the most aggressive ransomware groups in 2025, targeting multiple industries including technology, manufacturing, construction, finance, and retail.

As of February 2025, BlackLock had listed 46 victims on its leak site. Their attacks affected companies and organizations in countries such as Argentina, Brazil, and Peru in South America; France, Italy, Spain, the Netherlands, Croatia, and the U.K. in Europe; Canada and the U.S. in North America; Congo and Aruba; and the United Arab Emirates in the Middle East.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

In January 2025, BlackLock started an underground network, inviting other hackers to join. Their partners, called traffers, helped in the first steps of attacks. They tricked victims into visiting fake websites with malware. This gave BlackLock access to company systems, leading to big ransomware attacks.

BlackLock’s big mistake, along with DragonForce’s attack, badly hurt the group. It is unclear if BlackLock will return with a new name. However, the breach has weakened their operations. It has given law enforcement and security experts an advantage against the criminals.

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Shocking Files Reveal Bill Clinton Letter in Epstein’s Infamous ‘Birthday Book’

Oversight Committee Releases New Epstein Records The House Oversight Committee...

McGregor channels Trump populism with Musk support in high-stakes Irish presidential race

In early September 2025, Ireland was taken by surprise...

Federal authorities seize $3 million in crypto linked to ransomware that hit US hospitals

Federal authorities have seized nearly $3 million worth of...

Bernie Sanders backs Zohran Mamdani in New York City mayor race citing grassroots momentum

A major political figure has stepped into the New...

JPMorgan handled $1.1 billion for Jeffrey Epstein despite warnings of criminal ties and reputation risk

JPMorgan Chase, one of America’s biggest banks, had a...

Qualys confirms limited Salesforce data access during Drift hacking campaign raising security concerns

Hackers accessed some Salesforce information from risk management company...

Ashley Hinson sparks clash with Newsom after claiming America should look more like Iowa

A sharp political exchange has broken out after U.S....

WSJ report says malware email linked to Chinese group aimed at U.S. tariff negotiations

U.S. authorities are investigating a suspicious email that carried...

Newsom mocks Rose Garden “Predator Patio” while millions face health care cuts

A political storm erupted after a freshly renovated section...

Related Articles

Popular Categories

error: Content is protected !!