- Adobe reveals 10 purpose-built AI agents - here's what they can do for your business
- Security Researcher Proves GenAI Tools Can Develop Chrome Infostealers
- Navigating the Future of Connectivity: Services Opportunities around Cisco’s Wi-Fi 7
- The 13+ best Amazon Spring Sale deals under $25
- The best tax software of 2025
Researchers Confirm BlackLock as Eldorado Rebrand
Cybersecurity researchers have uncovered a direct link between BlackLock and the notorious ransomware group Eldorado, and confirmed that BlackLock is a rebranded version of the earlier threat actor.
After facing increased scrutiny from law enforcement and security experts, Eldorado resurfaced under the BlackLock name, adopting enhanced capabilities while continuing its ransomware-as-a-service (RaaS) operations.
According to DarkAtlas, BlackLock executed 48 attacks in the first two months of the year. The attacks affected multiple sectors, with construction and real estate firms the most impacted.
How BlackLock Operates
Unlike other ransomware groups that follow predictable attack patterns, BlackLock operates with a high degree of flexibility, making it difficult to anticipate and counter its tactics.
The ransomware encrypts files, renaming them with randomized extensions before delivering a ransom note titled “HOW_RETURN_YOUR_DATA.TXT.”
The group uses fast encryption speeds to maximize disruption, targeting attacks on industries with high-value assets. BlackLock has also been found using ransomware and destructive wipers against government agencies.
The group has been identified on encrypted messaging platforms, which it uses to coordinate activities.
Rebranding Ransomware
BlackLock retains Eldorado’s technical foundation, including its use of Golang for cross-platform attacks and its sophisticated encryption techniques, such as ChaCha20 and RSA-OAEP. However, it has improved upon previous methods with faster encryption speeds and more targeted attack strategies.
This pattern follows similar transitions seen in past ransomware groups, such as BabLock (Babuk) BlackMatter (Revil).
“BlackLock has emerged as one of the most notorious ransomware groups in 2025, gaining widespread infamy for publicly listing numerous high-profile victims on their leak site,” DarkAtlas explained.
“Their rapid rise and sophisticated attack methods have positioned them as a major threat in the cybersecurity landscape, underscoring the urgent need for enhanced defensive strategies and proactive threat mitigation.”
