LockBit Hack Reveals Insights Into The Gang’s Workings
The data breach was first spotted by X (formerly known as Twitter) user Rey, who posted a screenshot of the admin panel. All of the admin and affiliate panels were reportedly taken over to display the message, “Don’t do crime[.]CRIME IS BAD xoxo from Prague.” The text is followed by the MySQL link “paneldb_dump.zip.”
According to a BleepingComputer report, the link leads to a MySQL file containing a large database. The data reportedly features 20 different tables, some of which revealed information about how the ransomware group functioned, as well as its malware builds.
One of the tables, labelled “btc_addresses,” reportedly features as many as 59,975 unique Bitcoin addresses. Another table, “builds,” is said to feature individual malware builds that were created by the group’s affiliates. These are said to be different versions of the same ransomware that the group used to attack others. Some of the builds reportedly also mentioned the names of the targeted companies. This table is also said to feature public keys for the builds, but no private keys. Private keys are necessary to access the ransomware.
Apart from this, the database reportedly featured a “builds_configurations” table that revealed information about the different configurations used for each version of the malware. The most interesting information, however, was reportedly contained in the “chats” table.
The table is said to contain 4,442 negotiation messages between the LockBit ransomware operators and victims. The messages were reportedly dated between December 19, 2024 and April 29. This list highlighted the different extortion methods used by the gang.
Further, a “customers” table reportedly revealed the names of 75 admins and affiliates of the group. These names were said to belong to individuals who had access to the panels. Additionally, the table contained passwords used by the admins in plaintext.
In a separate post, Rey shared a conversation with a LockBit operator, who goes by the username “LockBitSupp”, confirming the data breach. The operator stated that the source code of the ransomware and private keys were not lost during the hack. The group or individual behind the LockBit hack is currently not known.