The database includes approximately 60,000 unique Bitcoin wallet addresses used for ransom payments, 4,442 negotiation messages between LockBit operators and their victims spanning from December to late April, and details of custom ransomware builds created for specific attacks. Visitors to LockBit’s dark web sites are now greeted with a defiant message: “Don’t do crime CRIME IS BAD xoxo from Prague,” alongside a link to download a file named “paneldb_dump.zip” containing a MySQL database dump. In a message posted on their leak site in Cyrillic text, the group claimed: “On May 7, they hacked the light panel with autoregistration for everyone, took the database, not a single decryptor and not a single stolen company data was affected”. For LockBit, which was responsible for approximately 44% of all ransomware incidents globally in early 2023, this breach represents a potentially devastating setback that could undermine affiliate trust and further hinder their operations. Security researchers have confirmed the authenticity of the leaked data, which contains a treasure trove of information about the ransomware operation. Alon Gal, Co-Founder and CTO at Hudson Rock, called the breach “a goldmine for law enforcement” that could significantly aid in tracing cryptocurrency payments and attributing attacks to specific threat actors. The breach resembles a recent attack against the Everest ransomware operation, which used an identical defacement message. The notorious LockBit ransomware operation has suffered a significant breach. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Researchers noted that many of its recent victim claims were recycled from earlier attacks or from other ransomware groups.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 08 May 2025 03:00:01 +0000