Threat Actor Profile
Medium
Cybercriminal
Description
BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most active extortion syndicates in 2025, heavily targeting technology, manufacturing, construction, finance, and retail sectors.
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
STIX Data
{'added_date': '2025-05-16',
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'BlackLock is a rebranded version of another ransomware group '
'known as Eldorado. It has since become one of the most active '
'extortion syndicates in 2025, heavily targeting technology, '
'manufacturing, construction, finance, and retail sectors. ',
'firstseen': '2023-11-27T00:00:00+00:00',
'group': 'blacklock',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2025-07-02T16:19:01+00:00',
'locations': [{'available': False,
'fqdn': 'zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion',
'slug': 'http://zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion',
'title': 'BlackLock',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 3,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion',
'slug': 'http://zdkexsh2e7yihw5uhg5hpsgq3dois2m5je7lzfagij2y6iw5ptl35gyd.onion',
'title': 'BlackLock',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 3,
'ransomware_live_group': 'blacklock',
'tools': {},
'url': 'https://www.ransomware.live/group/blacklock',
'victims': 64,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/blacklock',
'victims': 64,
'vulnerabilities': []}