Ransomware Group: BLACKLOCK

VICTIM NAME: Ubon Ratchathani University

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKLOCK Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware group “blacklock” has targeted Ubon Ratchathani University, an educational institution located in Thailand. The attack was discovered on June 26, 2025, and appears to be part of a broader campaign against academic institutions. The group claims to have compromised the university’s systems, which include sensitive data related to students, staff, and operations. A screenshot has been published showing internal content, likely used to demonstrate their access. The leak page also provides a link where the affected data can potentially be downloaded, indicating that the attacker is offering stolen information for sale or public release.

Ubon Ratchathani University is a well-established higher education institution, founded in 1987 and awarded independent university status in 1990. The university’s revenue was approximately $38.7 million, reflecting a significant operational scale. The attack may disrupt administrative functions and compromise privacy, impacting students and staff. The leak statement suggests that the threat actors have access to confidential university data, which might include academic records, personal information, and administrative files. The presence of a detailed screenshot indicates attempts to validate the breach, potentially aiming to pressure the university or showcase their capabilities. This incident highlights the ongoing cybersecurity risks faced by educational entities, especially in the context of increasing cyber threats worldwide.