BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most active extortion syndicates in 2025, heavily targeting technology, manufacturing, construction, finance, and retail sectors.
This group has no curated TTPs.
Defensive detection signature for this group (use it for detection/blocking in your EDR/SIEM). Source: ransomware.live.
```yara
/*
    BlackLock ransomware
*/
rule BlackLock_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.blacklock"
        description = "Detects BlackLock ransomware ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // Group name variants, ransom note file name, and leak-site host string
        $s1 = "BlackLock" ascii nocase
        $s2 = "BLACK-LOCK" ascii nocase
        $s3 = "Reedme.txt" ascii nocase
        $s4 = "blacklock.onion" ascii nocase
    condition:
        // Fires when any single string is present
        any of them
}
```
```text
Hello!

Your files have been stolen from your network and encrypted with a strong algorithm. We work for money and are not associated with politics. All you need to do is contact us and pay.

---
Our communication process:
1. You contact us.
1. We send you a list of files that were stolen.
2. We decrypt 1 file to confirm that our decryptor works.
3. We agree on the amount, which must be paid using BTC.
4. We delete your files, we give you a decryptor.
5. We give you a detailed report on how we compromised your company, and recommendations on how to avoid such situations in the future.

---
Client area (use this site to contact us):
Link for Tor Browser: [redacted]
>>> to begin the recovery process.
* In order to access the site, you will need Tor Browser, you can download it from this link: [redacted]

---
Recommendations:
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.

---
Important:
If you refuse to pay or do not get in touch with us, we start publishing your files.
Еhe decryptor will be destroyed and the files will be published on our blog.
Blog: [redacted]

Sincerely!
```
A commitment to innovation and sustainability Études is a pioneering company that seamlessly unites creativity and functionality to redefine architectural excellence.
[AI generated] "Barranquitas Municipal Administration and its Department of Finance" is the local government body responsible for the operational management and financial well-being of Barranquitas, a municipality in Puerto Rico. They oversee services such as public works, health, education, and social welfare programs. The Department of Finance within the administration handles budgeting, expenditures, and financial planning.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Data Campos Sistemas | BR | Technology | — | 16 May 2025 |
| The Municipal Administration of Barranquitas and its Department of Finance | PR | Public Sector | — | 16 May 2025 |
| HIDROCARBUROS ARGENTINOS S.A. | AR | Energy | — | 16 May 2025 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
Energy, Utilities & Waste · Argentina · 638 Employees. HASA (Hidrocarburos Argentinos SA) is a company that operates in the Energy, Utilities & Waste industry. It employs 500 to 999 people and has 25M to 50M of revenue. The company is headquartered in Buenos Aires, Buenos Aires F.D., Argentina. Revenue: $35.1 Million.