Eight MEGA accounts leveraged by the RaaS operation to manage stolen data were also uncovered.
Operations of the BlackLock ransomware-as-a-service gang have been disrupted by Resecurity researchers after exploiting a misconfiguration within the group's data leak site.
According to Security Affairs, the BlackLock ransomware-as-a-service gang was poised to be among the most prolific RaaS groups this year, despite only emerging in March 2024.
Abuse of the leak site's local file include flaw exposed BlackLock's clearnet IP addresses, associated with its network infrastructure behind TOR hidden services, as well as other server-side service details.
Resecurity researchers said further infiltration of BlackLock, also known as El Dorado Ransomware, also uncovered eight MEGA accounts leveraged by the RaaS operation in managing data stolen from its victims, which include IT providers, healthcare organisations, and government entities around the world.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
