LockBit ransomware gang gets hacked, leak exposes negotiations with victims
3 minute readPublished: Thursday, May 8, 2025 at 12:23 pm
LockBit Ransomware Suffers Another Blow: Data Leaked and Negotiations Exposed
The notorious LockBit ransomware gang has been hit hard again, with their dark web affiliate panels defaced and sensitive data leaked. This latest cyberattack, reported by BleepingComputer, saw the group's panels replaced with a simple message: "Don't do crime CRIME IS BAD xoxo from Prague." The attackers also provided a link to download a database dump, revealing a treasure trove of information.
The leaked data includes nearly 60,000 unique Bitcoin addresses, individual encryptor builds used by affiliates, public keys, victim names, and, crucially, chat logs of negotiations between the attackers and their victims. These communications span from December 19, 2024, to April 29, 2025, offering a rare glimpse into the inner workings of the ransomware operation. The dump also revealed the server was running a vulnerable version of PHP.
While no one has claimed responsibility for the attack, speculation points to the same group that recently breached the Everest ransomware site. This incident marks another setback for LockBit, which has faced increasing scrutiny from law enforcement. In February 2024, authorities seized their website and data, leading to arrests and indictments, including Russian nationals and an administrator of a bulletproof hosting service.
BNN's Perspective: This ongoing battle between cybercriminals and law enforcement highlights the escalating arms race in the digital world. While the defacement is a symbolic victory, the leaked data provides valuable intelligence for investigators and underscores the importance of robust cybersecurity measures for individuals and organizations alike. It's a reminder that even the most sophisticated criminal enterprises are vulnerable.
Keywords: LockBit, ransomware, data breach, cyberattack, dark web, affiliate panels, leaked data, Bitcoin addresses, chat logs, negotiations, victims, PHP vulnerability, arrests, indictments, cybersecurity.