LockBit ransomware gang gets hacked, leak exposes negotiations with victims

Date:
Thu, 08 May 2025 12:23:00 +0000

Description:
"Don't do crime, crime is bad," someone tells LockBit as they leak sensitive data.

FULL STORY ======================================================================LockBit' s dark web affiliate panels have been defaced A message saying "don't do crime" was left instead The attackers leaked chat logs between LockBit's affiliates and victims

The infamous LockBit ransomware group has suffered yet another cyberattack
and data breach that has seen its dark web affiliate panels defaced, and some sensitive data leaked.

BleepingComputer reports following the incident, all of the groups panels
are now showing a single message: Dont do crime CRIME IS BAD xoxo from
Prague.

They also hold a link to download an archive named paneldb_dump.zip, which
was first spotted by another threat actor called Rey, who confirmed the archive contained an SQL file dumped from the site affiliate panels MySQL database. LockBit also allegedly confirmed the authenticity of the breach to them, as well.

Get Keeper Personal for just $1.67/month, Keeper Family for just
$3.54/month, and Keeper Business for just $7/month

Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts
to protect against cyber threats.

Preferred partner ( What does this mean? ) View Deal Chats leaked

Apparently, the phpMyAdmin SQL dump showed that the server was running PHP 8.1.2, vulnerable to a critical flaw, tracked as CVE-2024-4577, which is
known to have been exploited in the wild.

The archive contains a fair bit - almost 60,000 unique bitcoin addresses, individual encryptor builds developed by affiliates, public keys (but no private keys), victim names, and chat messages of communications between the attackers and the victims, generated between December 19, 2024 and April 29, 2025.

No one took responsibility for the attack just yet. BleepingComputer speculates this might have been the work of the same people who recently
broke into Everests ransomware dark web site, since the defacement messages were similar in both cases.

This is not the first time LockBit has been attacked. In February 2024, the group had its website and data seized by the authorities as part of Operation Cronos . The group took a week to bounce back, but the law enforcement
managed to obtain plenty of information not just about the group, but about its affiliates as well.

This led to several arrests connected to the group, including two individuals in Poland and Ukraine, one in France, and two in the UK.

The US Department of Justice also unsealed indictments against Russian nationals Artur Sungatov and Ivan Kondratyev (also known as "Bassterlord")
for deploying LockBit ransomware, both of whom are currently in custody and awaiting trial. Finally, an administrator of a bulletproof hosting service used by LockBit was detained in Spain.

Via BleepingComputer You might also like Fortinet firewall bugs are being targeted by LockBit ransomware hackers Take a look at our guide to the best authenticator app We've rounded up the best password managers



======================================================================
Link to news story: https://www.techradar.com/pro/security/lockbit-ransomware-gang-gets-hacked-lea k-exposes-negotiations-with-victims


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)