BlackLock is a ransomware-as-a-service (RaaS) group that emerged in March 2024, initially operating under the name El Dorado before rebranding to BlackLock around September 2024. Assessed with high confidence to be of Russian origin, the group's primary motivation is financial gain through double extortion. What sets BlackLock apart is its custom-built ransomware written in Go, which enables cross-platform targeting of Windows, Linux, and VMware ESXi environments, distinguishing it from many groups that rely on leaked ransomware builders. The group actively recruits affiliates, developers, initial access brokers, and 'traffers' via Russian-speaking cybercrime forums like RAMP. Although it operated as BlackLock for a significant period, the actor behind it announced the launch of a new project, Mamona Ransomware, around March 2025, indicating a potential transition or rebranding.

Sectores atacados

URLs nuevas detectadas en IntelTracker