LockBit Ransomware Group Hacked

The LockBit ransomware cyber crime gang, one of the most active ransomware groups in recent years with thousands of attacks to its name, has suffered a data breach.

LockBit’s Dark Web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. This follows an unusual post to one of the criminal group's forums on the Dark Web.

On May 7th, cyber security analysts saw that LockBit's Dark Web leak site had been changed. Instead of listing victim organisations, the site now features a simple message: "Don't do crime CRIME IS BAD xoxo from Prague," along with a link to a zip archive.

Security researchers saw that the archive file includes internal data from the ransomware-as-a-service operation, including nearly 60,000 Bitcoin addresses and more than 4,000 chats with victim organisations from between Dec. 19, 2024, and April 29, 2025. The file also contains information on more than 70 LockBit administrators and affiliates, including plaintext passwords, as well as individual builds and configurations of the LockBit ransomware code. However, the leaked data did not include decryptors or private keys. Right now, it is unknown who is behind the breach of LockBit's network.

LockBit has been the subject of an international law enforcement operation, Operation Cronos, that has severely affected the group’s activities.

Law enforcement agencies from ten countries participated in the operation and announced in February 2024 that there had been 2 arrests, 14,000+ rogue accounts had been closed, 34 servers were taken down, the group’s technical infrastructure and data leak site had been seized, and more than 200 crypto-currency accounts had been frozen.

The breach is the latest setback for LockBit since Operation Cronos, which penetrated its network, domains, infrastructure, decryptors, source code and other crucial data, and from which it has been attempting to recover.

According to reports, there are similarities with the cyber actor behind a similar attack on the Everest ransomware group. In that attack, the Everest Dark Web data leak site was compromised and defaced with the same message, “Don’t do crime CRIME is BAD xoxo from Prague.”

It is possible that the attack could be the work of a hacktivist group or a member of a rival ransomware group looking to destroy the credibility of the competition.

One potential culprit is the DragonForce ransomware cartel, a relatively new ransomware group that has been aggressively recruiting affiliates from other ransomware operations. This criminal group has recently started offering its infrastructure to other ransomware-as-a-service groups under a white-label model in exchange for a share of the ransom proceeds, as it seeks to become dominant in the world of criminal ransomware.

DragonForce is thought to have contributed its expertise to Scattered Spider, a hacking collective behind a string of ransomware attacks on major UK retailers in recent weeks, including Marks & Spencer (M&S), Harrods, and the Co-op group.

Reuters | Bleeping Computer | Tripwire | Computing | Forbes | HIPPA Jo.
