
LockBit ransomware hacked: database and victim chats leaked

Image courtesy of Crypto.news

A group claiming to be from Prague has hacked LockBit's dark web panel and leaked sensitive data, including details of its internal systems and Bitcoin wallets. LockBit, a notorious ransomware gang, had its internal data dump exposed, which contained over 60,000 Bitcoin (BTC) addresses, registration details for about 75 users, and ransom negotiation logs. SlowMist analysts have published a blog post describing the breach.

The attackers gained access to a lightweight PHP-based management platform used by LockBit. SlowMist speculated that the hacker probably exploited a PHP vulnerability tracked as CVE-2024-4577 to breach the web backend. LockBit later claimed that only the lightweight panel was compromised and gave the assurance that “no decryptors were stolen and no company data was affected”. The group has since offered a reward for information about the hacker, although the US government had previously offered up to $15 million for information about LockBit members.

Chats and data leaked

LockBit ransomware.

Image courtesy of SlowMist

The breach exposed chats between LockBit and its victims, revealing a detailed record of ransom negotiations. This data could be crucial for monitoring ransomware operations and for developing ways to combat such threats. Companies that focus on identity and access management (IAM) could use these findings to improve their security measures, especially when evaluating solutions such as SSO and MFA.

BleepingComputer reported that the SQL dump included details of victims and communications covering several months. The archived data also contained individual encryptor builds created by affiliates, which may help in understanding how these ransomware operations work.

Earlier attacks on LockBit

LockBit has been hit by earlier attacks, including a significant law enforcement operation called “Operation Cronos” in February 2024, which led to the seizure of its website and data. This operation led to numerous arrests connected to the group, including Russian nationals linked to the deployment of LockBit ransomware. The U.S. Department of Justice has indicted these individuals, highlighting the continued efforts to dismantle ransomware networks.

Depiction of a cybercriminal

Image courtesy of TechRadar

In view of these developments, companies need to re-evaluate their security protocols. Implementing secure SSO and user management becomes essential for protecting sensitive data. SSOJet's API-first platform offers robust solutions for companies, with directory synchronization, SAML, OIDC and magic link authentication, which can mitigate the risks associated with such breaches.

For companies that want to strengthen their security frameworks, SSOJet offers the tools required for effective user management and secure authentication. Explore our services or contact us to learn more about how we can protect your organization from ransomware threats.

*** This is a Security Bloggers Network syndicated blog from SSOJet, authored by Goverdhan Sisodia. Read the original post at: