BlackLock’s Dirty Secrets Exposed After Researchers “Hack the Hackers”

Cybersecurity researchers hacked into the systems of a ransomware group called BlackLock. This rare case of “hacking the hackers” exposed how the criminals operate. The breach revealed key details about their infrastructure, methods, and major mistakes.

Hackers Get Hacked: BlackLock’s Operations Revealed

The breakthrough came when Resecurity, a cybersecurity firm, found a flaw in BlackLock’s data leak site (DLS). The group used this site to publish stolen data and pressure victims to pay ransoms. However, due to a mistake in the site’s setup, researchers accessed sensitive files, login details, and even a full list of commands used by the hackers.

The flaw, called a local file inclusion (LFI) bug, let researchers trick the server into showing hidden information. It was a huge mistake by BlackLock. It revealed their real-world systems and exposed their secrets.

BlackLock’s Dirty Secrets: How the Ransomware Group Operates

The leak revealed some startling information about BlackLock’s tactics and tools. The hackers used MEGA, a popular cloud storage service, to move stolen data. Shockingly, they installed the MEGA app on victims’ systems to speed up the transfer.

BlackLock made at least eight MEGA accounts using temporary emails from YOPmail. These throwaway emails helped them stay hidden while storing stolen data online.

Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?

The hackers used a tool called Rclone to steal data automatically. Rclone is a legit program for cloud storage. However, BlackLock misused it to quickly move large amounts of stolen data.

While analyzing BlackLock’s source code, researchers found similarities with another ransomware strain called DragonForce. Interestingly, although DragonForce is written in Visual C++, BlackLock uses Go—but the ransom notes and parts of the code were strikingly similar.

Ransomware Rivalry: BlackLock Defaced by DragonForce

In a strange twist, BlackLock was hacked by another group. On March 20, 2025, their data leak site was defaced by DragonForce. The rival group likely used the same flaw or a similar one. They leaked BlackLock’s chats and files on their public website.

Even more surprisingly, Mamona, another ransomware project linked to BlackLock, suffered a similar fate. On March 19, Mamona’s DLS was also defaced.

Medusa Ransomware Crisis: 300 Major Organizations Under Siege

The attack made people wonder if BlackLock and DragonForce were working together. Some experts thought DragonForce may have taken over BlackLock’s operations. Others believed BlackLock gave up control after realizing they were hacked.

The group’s main hacker, known as $$$, did not seem surprised after BlackLock and Mamona were attacked. This made researchers think he may have expected the hit. They believed he left the project quietly before it collapsed.

The Bigger Picture: BlackLock’s Global Impact

Before being exposed, BlackLock had become one of the most aggressive ransomware groups in 2025, targeting multiple industries including technology, manufacturing, construction, finance, and retail.

As of February 2025, BlackLock had listed 46 victims on its leak site. Their attacks affected companies and organizations in countries such as Argentina, Brazil, and Peru in South America; France, Italy, Spain, the Netherlands, Croatia, and the U.K. in Europe; Canada and the U.S. in North America; Congo and Aruba; and the United Arab Emirates in the Middle East.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

In January 2025, BlackLock started an underground network, inviting other hackers to join. Their partners, called traffers, helped in the first steps of attacks. They tricked victims into visiting fake websites with malware. This gave BlackLock access to company systems, leading to big ransomware attacks.

BlackLock’s big mistake, along with DragonForce’s attack, badly hurt the group. It is unclear if BlackLock will return with a new name. However, the breach has weakened their operations. It has given law enforcement and security experts an advantage against the criminals.

Renuka Bangale
Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

“Pay more and enjoy nothing”—Newsom torches Trump’s tariff push as costs for food, cars, and flights soar

California Governor Gavin Newsom has strongly criticized President Donald...

Eric Trump explodes on Newsmax — claims Biden tried to break up Donald and Melania’s marriage

Eric Trump has sparked fresh controversy after making a...

Republicans brace as AOC’s rising momentum threatens to upend 2026 and 2028 elections

Republicans warn their party not to underestimate Representative Alexandria...

WestJet Reveals Passenger Data Breach Raising Security Concerns

Canadian airline WestJet has confirmed that some passenger information...

Japanese beer giant Asahi confirms cyberattack halts shipping and ordering in Japan temporarily

Japanese beer giant Asahi has confirmed a cyber attack...

Leaked emails expose Epstein’s secret hand in Israel–Mongolia security pact with Barak

A new set of leaked emails shows Jeffrey Epstein...

Award stage turns battlefield as Harris brands Trump an unchecked, incompetent and unhinged President

Kamala Harris, the former vice president and 2024 Democratic...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...

The privacy-first app that just blew past 350,000 new users a day

Explosive Growth Surprises Users Arattai, the messaging app developed by...

Federal firepower hits AOC’s Queens district as FBI targets Roosevelt Avenue crime empire

The FBI has moved into action in Queens, New...

Republicans brace as AOC’s rising momentum threatens to upend 2026 and 2028 elections

Republicans warn their party not to underestimate Representative Alexandria...

WestJet Reveals Passenger Data Breach Raising Security Concerns

Canadian airline WestJet has confirmed that some passenger information...

Newsom office doubles down on fascist label for Miller citing his political actions and views

Newsom’s Office Takes a Bold Stance California Governor Gavin Newsom’s...

Related Articles

Popular Categories

error: Content is protected !!