
Hacker Leaks LockBit Database Containing Addresses

Fraud management & cybercrime, ransomware

Dump reveals details of victims, aggressive negotiations, cryptocurrency

Mathew J. Schwartz (Euroinfosec) • May 8, 2025

LockBit's data leak sites as they were displayed on May 8, 2025.

A year almost to the day after an international law enforcement operation exposed and charged the leader of the notorious LockBit ransomware group, a hacker sent the group another love letter.


On Wednesday, an unknown hacker defaced the data leak sites of LockBit and redirected them to one page with the following message: “Crime crimes is not a bad crime by Prague.” This message is the same as the one with which the data leak site of the Everest ransomware group was defaced in early April, which led that long-running group to take the website offline.

In this case, the message is followed by a download link for a 7.5-megabyte compressed paneldb_dump.zip file with an SQL database stolen from LockBit, which contains data with timestamps from December 2024 to April 29.

“While the official confirmation is still outstanding, the data seem legitimate and very informative,” said Alon Gal, co-founder and CTO at Hudson Rock.

Cybersecurity researcher Milivoj Rajić, head of threat information at Dynarisk, told Information Security Media Group that he had started the time-consuming process of scanning the 59,975 Bitcoin wallet addresses contained in the dump. “We see clearly that some addresses have money,” he said, and found 100,000 US dollars in Bitcoin after scanning only a fraction of these addresses.

Gal said that these cryptocurrency addresses could be a “gold mine for the law enforcement agencies to persecute payments” and to follow the money in order to expose affiliates. The dump also contains “detailed sacrificial profiles, including domains, valued income and customer-specific ransomware,” he said.

The dump includes numerous chats between several affiliates and various victims, as well as affiliates' IDs for the Tox peer-to-peer instant messaging tool, which could help identify their other activities, experts said.

“When we look at the leaked chats, we can see how aggressive LockBit was in ransom negotiations,” said Christiaan Beek, Senior Director of Threat Analytics at Rapid7. “In some cases, the victims were put under pressure to pay just a few thousand dollars. In other cases, the group demanded much more: 50,000, 60,000 US dollars or even $100,000.”

The leak shows more than 35 active affiliates for LockBit since last December, with a further 35 marked as “break”, said French ransomware researcher and journalist Valéry Rieß-Marchive in a post on LinkedIn.

According to SlowMist, the hacker “Prague” or “Xoxo”, who breached the LockBit administration panel, probably used “a 0-day or 1-day vulnerability to compromise the web backend and management console.”

The leak follows Operation Cronos, led by the British National Crime Agency and the FBI, which named and charged Russian national Dmitry Yuryevich Khoroshev, 32, who is accused of being the person behind the “LockBitSupp” handle. The law enforcement authorities said they had infiltrated the group and obtained plenty of communications between members and victims. The authorities also obtained decryption keys for numerous victims, which they published, as well as the handles of affiliates (see: Europol details pursuit of LockBit ransomware affiliates).

LockBit is already trying to downplay the damage caused by its latest leak.

LockBitSupp told cybersecurity researcher “Rey” later on Wednesday that “only the light was hacked with automatic registration, not a single decrypt and stolen company data was damaged”. He also said “Bitcoin addresses and conversations” were leaked, and that “yes, that affects the reputation, but recovery from hacking also affects the reputation.”

LockBit published a message stating that a hacker had successfully bypassed authentication for a portal that offered automatic registration.

“The database was stolen, but no copies of or sensitive data from sacrificial companies were involved,” said the group. “We examine the exact intrusion method and have initiated the reconstruction process. The main control panel and the blog remain in operation.”

The message also claimed to offer a reward for the identity of the hacker “Prague” or “Xoxo”. “If you can provide precise and reliable information about the identity of this person, I am ready to pay for it,” it said.

This may be a weak attempt by the group to take control of the narrative, since the United States is offering up to 10 million US dollars for information that leads to Khoroshev's arrest or conviction.

It is not clear whether the leaks are the last nail in the coffin for LockBit, which launched in 2019. Researchers say that the group is a shell of its former self; until last year it dominated the monthly number of attacks, alongside BlackCat, also known as Alphv.

The ransomware market has become “broken and unsure”, as shown by the abundance of groups in operation, none of which claims far more victims than any other, ransomware incident response firm Coveware, part of Veeam, said in a recent report.

Strategies that once worked for ransomware groups no longer reliably deliver the expected yields, since the groups' collective authority to command victims' attention and extort them continues to decrease.

Last but not least, credit goes to Western law enforcement authorities for getting better at disrupting the operators, although many live in Russia, which has historically resisted prosecuting cybercriminals. “Joint law enforcement measures last year systematically affected the resource ransomware actors for the company,” said Coveware.
