SatanLock ends operation amid ransomware ecosystem turmoil
The group claimed dozens of victims but many had already been listed by other ransomware outfits.
SatanLock, a ransomware group active since April 2025, has announced it is shutting down. The group quickly gained notoriety, claiming 67 victims on its now-defunct dark web leak site.
Cybersecurity firm Check Point says more than 65% of these victims had already appeared on other ransomware leak pages. However, this suggests the group may have used shared infrastructure or tried to hijack previously compromised networks.
Such tactics reflect growing disorder within the ransomware ecosystem, where victim double-posting is rising. SatanLock may have been part of a broader criminal network, as it shares ties to families like Babuk-Bjorka and GD Lockersec.
A shutdown message was posted on the gang’s Telegram channel and leak page, announcing plans to leak all stolen data. The reason for the sudden closure has not been disclosed.
Another group, Hunters International, announced its disbandment just days earlier.
Unlike SatanLock, Hunters offered free decryption keys to its victims in a parting gesture.
These back-to-back exits signal possible pressure from law enforcement, rivals, or internal collapse in the ransomware world. Analysts are watching closely to see whether this trend continues.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!