BlackLock Ransomware: What You Need To Know www.tripwire.com/state-of-…

BlackLock is a relatively new ransomware group. First seen in March 2024, the ransomware operation initially operated under the name El Dorado, before rebranding as BlackLock late last year.

BlackLock follows a RaaS (ransomware-as-a-service) business model, leasing its tools and infrastructure to affiliates who launch attacks, sharing a proportion of the proceeds with BlackLock.

Yes, like many other ransomware groups, BlackLock both encrypts victims' files and exfiltrates data - issuing threats to publish it if ransoms are not paid. BlackLock uses custom-built ransomware to target Windows, VMWare ESXi, and Linux environments.

BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest RaaS operations of 2025, following a dramatic increase in the number of posts on its dark web leak site.