
LockBit ransomware hacked – leaked database contains internal chats

The notorious LockBit ransomware operation has suffered a significant breach. On May 7th, attackers exposed its dark web infrastructure and leaked a comprehensive database containing sensitive operational details.

The hack is a major blow to one of the most prolific ransomware groups in the world.

Visitors to LockBit's dark web sites are now greeted with a defiant message: “Criminal criminal is not bad.



Security researchers have confirmed the authenticity of the leaked data, which contains a trove of information about the ransomware operation.

The database comprises approximately 60,000 unique Bitcoin wallet addresses used for ransom payments, 4,442 negotiation messages between LockBit operators and their victims spanning December to the end of April, and details of custom ransomware builds created for specific attacks.


Perhaps most embarrassing, the leak includes a user table with plaintext credentials for 75 administrators and affiliates.

Alon Gal, co-founder and CTO at Hudson Rock, described the breach as a “gold mine for law enforcement authorities” that could significantly help with tracing cryptocurrency payments and attributing attacks to specific threat actors.


LockBit has tried to downplay the incident. In a message published on its leak site in Cyrillic text, the group claimed: “On May 7, they hacked the light panel with auto-registration for everyone, the database, not a single decryptor and no stolen company data were affected.” The group offered payment for information about the Prague-based hacker responsible for the breach.

This hack comes just a few months after Operation Cronos, a coordinated law enforcement action that temporarily disrupted LockBit's infrastructure in February 2024.

While the group managed to rebuild and resume operations after that takedown, its reputation had already suffered significant damage. Researchers found that many of its recent victim claims were recycled from previous attacks or from other ransomware groups.

The breach resembles a recent attack against the Everest ransomware operation, in which an identical defacement message was used. Cybersecurity researchers speculate that both attacks may be related to a critical vulnerability in PHP 8.1.2 (CVE-2024-4577) that enables remote code execution.

For LockBit, which was responsible for around 44% of all ransomware incidents in early 2023, this breach represents a potentially devastating setback that could undermine affiliate trust and further hamper its operations.
