This post is also available in:
עברית (Hebrew)
In a dramatic turn of events, cybersecurity firm Resecurity has successfully halted the notorious BlackLock Ransomware gang, dealing a serious blow to one of the most dangerous cybercriminal groups to emerge in recent months. BlackLock, which quickly rose to prominence in 2024 with its aggressive and widespread attacks, seemed unstoppable. But a crucial flaw in its data leak site gave Resecurity the opening it needed to expose the gang’s inner workings and prevent more devastating breaches.
The flaw, a Local File Include (LFI) vulnerability, was discovered on BlackLock’s dark web data leak platform, where the group posted the stolen data of its victims. By exploiting this weakness, Resecurity’s HUNTER team was able to dive deep into the gang’s infrastructure, uncovering sensitive server configurations, login details, and even detailed logs showing the group’s every move. The intelligence they gathered revealed not just what BlackLock had done but what they were planning next — and it gave Resecurity the chance to alert authorities, stopping some of the gang’s most destructive attacks in their tracks.
Among the valuable information retrieved were credentials for MEGA cloud storage accounts, where BlackLock had been storing massive amounts of stolen data, as well as detailed victim lists. From defense agencies to healthcare systems, BlackLock had targeted a wide range of sectors, and Resecurity’s findings have been instrumental in stopping several of these planned attacks before they could cause any harm.
But the damage to BlackLock didn’t end there. In March 2025, the gang’s data leak site was defaced by DragonForce, another ransomware group, further destabilizing BlackLock’s operations. It’s unclear whether DragonForce took over the group’s operations or wiped them out entirely, but one thing is certain: BlackLock is no longer the threat it once was.
This operation is a clear reminder of the power of proactive cybersecurity. By combining intelligence gathering with real-time action, Resecurity has not only crippled a major cybercrime ring but also prevented countless data breaches from harming victims worldwide. With BlackLock now effectively dismantled, the spotlight shifts to DragonForce, but for now, Resecurity’s victory marks a major win in the ongoing battle against ransomware.
