Despite only emerging last March, the BlackLock Ransomware-as-a-Service operation became the seventh most prolific ransomware gang last year after recording a 1,425% increase in activity between October and December, Cybernews reports.
Reliaquest researchers reported that attacks conducted by BlackLock, which could be this year's most active ransomware group, involve the distribution of proprietary malware against Windows, VMware ESXi, and Linux systems for double extortion.
Immediate ransomware payments have been facilitated by BlackLock through its custom leak site, which impedes impacted organizations from conducting thorough breach evaluations. Additional findings showed BlackLock's usage of the Russian cybercrime forum RAMP for affiliate and traffer recruitment for early ransomware attack stages prior to major attack waves.
"Recruitment posts for traffers explicitly outline requirements, signaling BlackLock's urgency to bring on candidates quickly — often prioritizing speed over operational security," said Reliaquest, which noted a significantly more cautious hiring process for higher-level and programmer positions within the RaaS operation.
