The ransomware group called SatanLock is ending its operation. All the data that it has stolen from victims will be leaked online.
SatanLock is a ransomware organization that has only been active since April 2025. The group gained notoriety by making dozens of victims in just a short period of time. The gang’s dark web leak site, which has been taken offline, mentioned details of 67 victims.
However, as cybersecurity firm Check Point has pointed out in its April 2025 Malware Spotlight report, over 65 percent of these victims had already been listed by other ransomware groups, indicating either shared infrastructure or a deliberate effort to “reclaim” compromised networks.
“Such behavior highlights the increasingly competitive and chaotic nature of the ransomware ecosystem, where victim double-posting is becoming a common tactic among opportunistic actors,” the cybersecurity firm wrote.
According to LockBit Decryptor, a cybersecurity company that helps victims crack and remove LockBit ransomware, SatanLock is linked to several notorious ransomware families, including Babuk-Bjorka and GD Lockersec. This might suggest the group is part of a larger criminal network.
The announcement that SatanLock is calling it quits was made in the group’s official Telegram channel, as well as its dark web leak page.
“SatanLock project will be shut down. The files will all be leaked today,” a message says.
Why the ransomware operation is pulling the plug remains unclear.
Last week, Hunters International announced that it has officially shut up shop.
“After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with,” the group wrote in a goodbye message.
Hunters International has offered free decryption keys for all victims.
Your email address will not be published. Required fields are markedmarked