Lockbit Ransomware Group Hacked

The LockBit ransomware cyber crime  gang, one of the most active ransomware groups in recent years with thousands of attacks to its name,  has suffered a data breach:

Lockbit’s Dark Web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. This follows follows an unusual a post to one of the criminal group's forums on the Dark Web.

On May 7th, cyber security analysts saw that LockBit's Dark Web leak site had been changed. Instead of listing victim organisations, the site now features a simple message: "Don't do crime CRIME IS BAD xoxo from Prague," along with a link to a zip archive.

Security researchers saw  that the archive file includes internal data from the ransomware-as-a-service operation, including nearly 60,000 Bitcoin addresses and more than 4,000 chats with victim organisations from between Dec. 19, 2024, and April 29, 2025. The file also contains information on more than 70 LockBit administrators and affiliates, including plaintext passwords, as well individual builds and configurations of the LockBit ransomware code. However, the leaked data did not include decryptors or private keys. Right now, it is unknown who is behind the breach of LockBit's network. 

LockBit has been the subject of an international law enforcement operation, Operation Cronos,  that has severely affected the group’s activities.

Law enforcement agencies from ten countries participated in the operation and announced in February 2024 that there had been 2 arrests, 14,000+ rogue accounts had been closed, 34 servers were taken down, the group’s technical infrastructure and data leak site had been seized, and more than 200 crypto-currency accounts had been frozen.

The LockBit breach is the latest setback for LockBit since  Operation Cronos, which penetrated their network and domains, infrastructure, decryptors, source code and other crucial data, from which it has been attempting to recover

According to reports, there are similarities with the cyber actor behind a similar attack on the Everest ransomware group. In that attack, the Everest Dark Web data leak site was compromised and defaced with the same message, “Don’t do crime CRIME is BAD xoxo from Prague.”

It is possible that the attack could be the work of a hacktivist group or a member of a rival ransomware group looking to destroy the credibility of the competition.

One potential culprit is the DragonForce ransomware cartel, a relatively new ransomware group that has been aggressively recruiting affiliates from other ransomware operations. This criminal group has recently started offering its infrastructure to other ransomware-as-a-service groups under a white-label model in exchange for a share  of the  ransom proceeds, as it seeks to become dominant the world of criminal ransomware.

DragonForce is though to have contributed its expertise the Scattered Spider, a hacking collective  behind a string of ransomware attacks on major UK retailers in recent weeks, including Marks & Spencer (M&S), Harrods, and the Co-op group.

Reuters  |  Bleeping Computer  |   Tripwire  |  Computing  |   Forbes  |   HIPPA Jo. 

Image:

You Might Also Read: 

The Growing Ransomware Crisis:


If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Avoiding Low-Tech, Human-Centric Cyber Attacks
Examining The NIS2 Directive From Outside The EU »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Yelbridges

Yelbridges

Yelbridges offer high quality IT security & risk management services to mitigate business risks.

SPARTA Consortium

SPARTA Consortium

SPARTA tackles hard innovation challenges, leading the way in building transformative capabilities and forming a world-leading cybersecurity competence network across the EU.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.

Black Bison Cyber

Black Bison Cyber

Black Bison Cyber is a premier cybersecurity firm specializing in elite, discreet, and highly personalized digital protection for high-profile individuals and executives.