FlagThis

Cybersecurity firm Resecurity successfully infiltrated the BlackLock ransomware gang's network by exploiting a local file inclusion vulnerability on their data leak site (DLS). This vulnerability, a misconfiguration in the site, allowed Resecurity to access the gang's network infrastructure, configuration files, and even account credentials. By gaining access, Resecurity could observe the gang's operations, identify potential victims, and alert both the victims and authorities, providing valuable insights into the gang's modus operandi.

Resecurity's actions have provided law enforcement with crucial information about BlackLock, also known as El Dorado, which had successfully attacked at least 46 organizations worldwide. The compromised DLS revealed that the gang was actively recruiting affiliates to spread the ransomware further. By uncovering the gang's methods and infrastructure, Resecurity has potentially disrupted BlackLock's operations and protected numerous organizations from falling victim to their attacks.

ImgSrc: cdn.mos.cms.fut

References :

• PCMag UK security: Cybersecurity Firm Hacks Ransomware Group, Alerts Potential Victims
• www.itpro.com: Security researchers hack BlackLock ransomware gang in push back against rising threat actor
• securityaffairs.com: BlackLock Ransomware Targeted by Cybersecurity Firm
• The Hacker News: BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
• thehackernews.com: In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.

Classification:

• HashTags: #Ransomware #CyberSecurity #ThreatIntel
• Company: Resecurity
• Target: Organizations
• Attacker: BlackCat
• Product: Resecurity Platform
• Feature: data theft
• Malware: BlackLock
• Type: Hack
• Severity: Major