February 18, 2025 By Zeljka Zorz
BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest.
Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their aggressive recruiting of traffers (individuals that steer victims to harmful content/software), initial access brokers (IABs), and affiliates.
What is BlackLock?
BlackLock (aka El Dorado or Eldorado) cropped up in early 2024. It uses custom-built ransomware that can target Windows, VMWare ESXi, and Linux environments, but the group also exfiltrates victims’ data and threatens to publish it if the ransom isn’t paid.