Exclusive: Solar City Tyres allegedly breached by BlackLock ransomware

Threat actors have claimed a cyber attack on a Victorian tyre fitter and supplier, threatening to leak stolen data in a number of days.

Solar City Tyres, an independent business now operating as a Bridgestone franchise, was established in 1994 and specialises in providing tyres for earthmovers, farming equipment, light trucks and more.

The company was listed on the dark web leak site of BlackLock ransomware earlier this week. BlackLock has provided no information regarding the nature of the incident other than it plans to release stolen data in just over four days at the time of writing.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

Cyber Daily reached out to Solar City Tyres, which declined to comment on the matter.

BlackLock ransomware first appeared in March 2024 under its own name, El Dorado, until late last year.

The group operates a ransomware-as-a-service (RaaS) operation and is known for the classic ransomware two-pronged approach of both encrypting and exfiltrating data.

According to a report by integrity and compliance monitoring firm Fortra from March 2025, BlackLock “has been predicted to be one of the biggest RaaS operations of 2025, following a dramatic increase in the number of posts on its dark web leak site”.

VIEW ALL

The report said the group launched 48 cyber attacks in the first two months of 2024 and is bolstering its affiliate numbers on RAMP and hiring other staff, such as initial access brokers, developers and more.

The group, like other ransomware operations, uses a standardised extortion note titled “HOW_RETURN_YOUR_DATA.TXT”, which outlines the incident and how to pay the group in bitcoin.

“Hello! Your files have been stolen from your network and encrypted with a strong algorithm,” the note said.

“We work for money and are not associated with politics. All you need to do is contact us and pay.”

The group said it would show the victim what files were stolen and prove it could decrypt the data by decrypting a single file before the victim and the group agree on a price to be paid in bitcoin before the stolen files are deleted and a decryptor is given to the victim.

It also said it would give the victim a report on how to prevent similar incidents, outlining how the threat actors got in and launched the ransomware.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Exclusive: Solar City Tyres allegedly breached by BlackLock ransomware

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED