LockBit Ransomware Group Hacked

The LockBit ransomware cyber crime gang, one of the most active ransomware groups in recent years with thousands of attacks to its name, has suffered a data breach:

LockBit’s Dark Web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. This follows an unusual post to one of the criminal group's forums on the Dark Web.

On May 7th, cyber security analysts saw that LockBit's Dark Web leak site had been changed. Instead of listing victim organisations, the site now features a simple message: "Don't do crime CRIME IS BAD xoxo from Prague," along with a link to a zip archive.

Security researchers saw that the archive file includes internal data from the ransomware-as-a-service operation, including nearly 60,000 Bitcoin addresses and more than 4,000 chats with victim organisations from between Dec. 19, 2024, and April 29, 2025. The file also contains information on more than 70 LockBit administrators and affiliates, including plaintext passwords, as well as individual builds and configurations of the LockBit ransomware code. However, the leaked data did not include decryptors or private keys. Right now, it is unknown who is behind the breach of LockBit's network.

LockBit has been the subject of an international law enforcement operation, Operation Cronos, that has severely affected the group’s activities.

Law enforcement agencies from ten countries participated in the operation and announced in February 2024 that there had been 2 arrests, 14,000+ rogue accounts had been closed, 34 servers were taken down, the group’s technical infrastructure and data leak site had been seized, and more than 200 crypto-currency accounts had been frozen.

The breach is the latest setback for LockBit since Operation Cronos, which penetrated its network, domains, infrastructure, decryptors, source code and other crucial data, and from which the group has been attempting to recover.

According to reports, there are similarities with the cyber actor behind a similar attack on the Everest ransomware group. In that attack, the Everest Dark Web data leak site was compromised and defaced with the same message, “Don’t do crime CRIME is BAD xoxo from Prague.”

It is possible that the attack could be the work of a hacktivist group or a member of a rival ransomware group looking to destroy the credibility of the competition.

One potential culprit is the DragonForce ransomware cartel, a relatively new ransomware group that has been aggressively recruiting affiliates from other ransomware operations. This criminal group has recently started offering its infrastructure to other ransomware-as-a-service groups under a white-label model in exchange for a share of the ransom proceeds, as it seeks to become dominant in the world of criminal ransomware.

DragonForce is thought to have contributed its expertise to Scattered Spider, a hacking collective behind a string of ransomware attacks on major UK retailers in recent weeks, including Marks & Spencer (M&S), Harrods, and the Co-op group.

Reuters | Bleeping Computer | Tripwire | Computing | Forbes | HIPPA Jo.
