The SatanLock ransomware group, which has gained notoriety for its aggressive tactics, has announced it will cease operations and leak the data stolen from its victims. The announcement was made on the group’s official Telegram channel and dark web leak site, where they stated: “SatanLock project will be shut down – The files will all be leaked today.” This decision follows the deletion of all visible victim listings just hours prior to the announcement.
Active since early April 2025, SatanLock quickly caught media attention by posting details of 67 victims on its leak site within a few weeks. Interestingly, a recent report by Check Point, published in May 2025, revealed that over 65% of these victims had also been previously listed on other ransomware groups’ leak sites. This raises questions about whether SatanLock utilized shared infrastructure or intentionally targeted already compromised networks.
Cybersecurity analysis by Lockbit Decryptor suggests that the group may be connected to other notorious ransomware families, including Babuk-Bjorka and GD Lockersec. This web of connections indicates that SatanLock is likely part of a broader cybercriminal network, further complicating the threat landscape.
While the precise reasons for SatanLock’s abrupt shutdown remain unclear, it coincides with the recent announcement that Hunters International, another ransomware group, has shut down operations. However, Hunters has since clarified it is merely rebranding and shifting focus from ransom demands to data breaches and leaks, now operating under the name WORLD LEAKS. Whether SatanLock will follow suit in changing its operational model remains uncertain.
The shutdown of SatanLock is seen positively by cybersecurity experts and victims alike, eliminating one more entity engaged in extorting individuals and businesses through ransomware.