Ransomware - Bl@ckt0r

Decryptor Available

Bl@ckt0r is a self-described "Bug Hunter and Data Breacher Group." They specifically mention that they are not a "ransomware gang" and do not encrypt data or ruin business continuity. Although it is likely true that they don't encrypt data (we have no evidence of any samples), they are still classified as a ransomware group as defined by the Ransomware Tracker. Ironically, after they mention they aren't a typical ransomware group, they go on to claim that they "love to hack corporate networks and ask for a bounty," and if they refuse to pay the bounty, they will sell the data on their dark web extortion page. You know, as a typical ransomware group would.

Since they don't encrypt networks, we have no technical information to provide. As such, they are classified as a Data Broker. We can say that Bl@ckt0r posted four victims on their data leak site, all from different countries, in different industries, with different extortion amounts. You can see them below.

Ransomware Type
Data Broker
First Seen
Extortion Types
Direct Extortion
Double Extortion
Extortion Amounts
Known Victims
Industry Sector Country Extortion Date Amount (USD)
Music & Entertainment Italy $3,000
Banking & Finance Indonesia $150,000
Information Technology Sri Lanka $50,000
Education Venezuela $30,000
References & Publications