BlackLock’s Dirty Secrets Exposed After Researchers “Hack the Hackers”

Cybersecurity researchers hacked into the systems of a ransomware group called BlackLock. This rare case of “hacking the hackers” exposed how the criminals operate. The breach revealed key details about their infrastructure, methods, and major mistakes.

Hackers Get Hacked: BlackLock’s Operations Revealed

The breakthrough came when Resecurity, a cybersecurity firm, found a flaw in BlackLock’s data leak site (DLS). The group used this site to publish stolen data and pressure victims to pay ransoms. However, due to a mistake in the site’s setup, researchers accessed sensitive files, login details, and even a full list of commands used by the hackers.

The flaw, called a local file inclusion (LFI) bug, let researchers trick the server into showing hidden information. It was a huge mistake by BlackLock. It revealed their real-world systems and exposed their secrets.

BlackLock’s Dirty Secrets: How the Ransomware Group Operates

The leak revealed some startling information about BlackLock’s tactics and tools. The hackers used MEGA, a popular cloud storage service, to move stolen data. Shockingly, they installed the MEGA app on victims’ systems to speed up the transfer.

BlackLock made at least eight MEGA accounts using temporary emails from YOPmail. These throwaway emails helped them stay hidden while storing stolen data online.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

The hackers used a tool called Rclone to steal data automatically. Rclone is a legit program for cloud storage. However, BlackLock misused it to quickly move large amounts of stolen data.

While analyzing BlackLock’s source code, researchers found similarities with another ransomware strain called DragonForce. Interestingly, although DragonForce is written in Visual C++, BlackLock uses Go—but the ransom notes and parts of the code were strikingly similar.

Ransomware Rivalry: BlackLock Defaced by DragonForce

In a strange twist, BlackLock was hacked by another group. On March 20, 2025, their data leak site was defaced by DragonForce. The rival group likely used the same flaw or a similar one. They leaked BlackLock’s chats and files on their public website.

Even more surprisingly, Mamona, another ransomware project linked to BlackLock, suffered a similar fate. On March 19, Mamona’s DLS was also defaced.

Medusa Ransomware Crisis: 300 Major Organizations Under Siege

The attack made people wonder if BlackLock and DragonForce were working together. Some experts thought DragonForce may have taken over BlackLock’s operations. Others believed BlackLock gave up control after realizing they were hacked.

The group’s main hacker, known as $$$, did not seem surprised after BlackLock and Mamona were attacked. This made researchers think he may have expected the hit. They believed he left the project quietly before it collapsed.

The Bigger Picture: BlackLock’s Global Impact

Before being exposed, BlackLock had become one of the most aggressive ransomware groups in 2025, targeting multiple industries including technology, manufacturing, construction, finance, and retail.

As of February 2025, BlackLock had listed 46 victims on its leak site. Their attacks affected companies and organizations in countries such as Argentina, Brazil, and Peru in South America; France, Italy, Spain, the Netherlands, Croatia, and the U.K. in Europe; Canada and the U.S. in North America; Congo and Aruba; and the United Arab Emirates in the Middle East.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

In January 2025, BlackLock started an underground network, inviting other hackers to join. Their partners, called traffers, helped in the first steps of attacks. They tricked victims into visiting fake websites with malware. This gave BlackLock access to company systems, leading to big ransomware attacks.

BlackLock’s big mistake, along with DragonForce’s attack, badly hurt the group. It is unclear if BlackLock will return with a new name. However, the breach has weakened their operations. It has given law enforcement and security experts an advantage against the criminals.

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Fire Threat Spreads Beyond Seasonal Weather Cycles

Fire Seasons Used to Be Separate Fire seasons in different...

Explosive Heat Shows the U.K. is Not Safe from Climate Change

Unusual high heat Hits the U.K. in April An early and...

Power Grid Collapse Sweeps Europe After Sudden Weather Shift

Rare Weather Triggers Europe Power Outage On 28th April 2025,...

Glaciers Massive Loss Uncovers Greenland’s Hidden Coastline

Melting Glaciers Uncover Hidden Land Greenland has been making headlines...

Cold Truth Reveals the Greenland Warming Myth

What the Claim Says about Greenland A post recently shared...

Soil in Grasslands Drains Faster Under Drought and Heat

Grasslands: A Vital Part of Earth’s Water System Grasslands are...

Massive Increase in Hot to Cold Temperature Flips Threatens Stability

What Are Temperature Flips? A new global study has found...

Boil Water Notice Issued in Rathcabbin During Water Crisis

Water Trouble in Rathcabbin A major water crisis has hit...

Climate Change Triggers Unprecedented Coral Bleaching Impacting Oceans

Coral Reefs Are in Big Trouble A new report has...

First 3D Forest Mapping Satellite Built in UK to Tackle Climate Change

A New Satellite in the Sky A powerful new satellite...

Fire Threat Spreads Beyond Seasonal Weather Cycles

Fire Seasons Used to Be Separate Fire seasons in different...

Explosive Heat Shows the U.K. is Not Safe from Climate Change

Unusual high heat Hits the U.K. in April An early and...

Power Grid Collapse Sweeps Europe After Sudden Weather Shift

Rare Weather Triggers Europe Power Outage On 28th April 2025,...

Glaciers Massive Loss Uncovers Greenland’s Hidden Coastline

Melting Glaciers Uncover Hidden Land Greenland has been making headlines...

Cold Truth Reveals the Greenland Warming Myth

What the Claim Says about Greenland A post recently shared...

Soil in Grasslands Drains Faster Under Drought and Heat

Grasslands: A Vital Part of Earth’s Water System Grasslands are...

Massive Increase in Hot to Cold Temperature Flips Threatens Stability

What Are Temperature Flips? A new global study has found...

Boil Water Notice Issued in Rathcabbin During Water Crisis

Water Trouble in Rathcabbin A major water crisis has hit...

Related Articles

Popular Categories