LockBit Ransomware Group Hacked

The LockBit ransomware cyber criminal gang, one of the most active ransomware operations in recent years with thousands of attacks to its name, has suffered a data breach. LockBit’s Dark Web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. This follows an unusual post to one of the criminal group's forums on the Dark Web.

On May 7th, cyber security analysts saw that LockBit's Dark Web leak site had been changed. Instead of listing victim organisations, the site now features a simple message: "Don't do crime CRIME IS BAD xoxo from Prague," along with a link to a zip archive.

Security researchers saw that the archive file includes internal data from the ransomware-as-a-service operation, including nearly 60,000 Bitcoin addresses and more than 4,000 chats with victim organisations from between Dec. 19, 2024, and April 29, 2025. The file also contains information on more than 70 LockBit administrators and affiliates, including plaintext passwords, as well as individual builds and configurations of the LockBit ransomware code. However, the leaked data did not include decryptors or private keys. Right now, it is unknown who is behind the breach of LockBit's network.

LockBit has been the subject of an international law enforcement operation, Operation Cronos, that has severely affected the group’s activities.

Law enforcement agencies from ten countries participated in the operation and announced in February 2024 that there had been 2 arrests, 14,000+ rogue accounts had been closed, 34 servers were taken down, the group’s technical infrastructure and data leak site had been seized, and more than 200 crypto-currency accounts had been frozen.

The breach is the latest setback for LockBit since Operation Cronos, which penetrated its network, domains, infrastructure, decryptors, source code and other crucial data, and from which the group has been attempting to recover.

According to reports, there are similarities with the cyber actor behind a similar attack on the Everest ransomware group. In that attack, the Everest Dark Web data leak site was compromised and defaced with the same message, “Don’t do crime CRIME is BAD xoxo from Prague.”

It is possible that the attack could be the work of a hacktivist group or a member of a rival ransomware group looking to destroy the credibility of the competition.

One potential culprit is the DragonForce ransomware cartel, a relatively new ransomware group that has been aggressively recruiting affiliates from other ransomware operations. This criminal group has recently started offering its infrastructure to other ransomware-as-a-service groups under a white-label model in exchange for a share of the ransom proceeds, as it seeks to become dominant in the world of criminal ransomware.

DragonForce is thought to have contributed its expertise to Scattered Spider, a hacking collective behind a string of ransomware attacks on major UK retailers in recent weeks, including Marks & Spencer (M&S), Harrods, and the Co-op group.

Reuters | Bleeping Computer | Tripwire | Computing | Forbes | HIPPA Jo.
