Lockbit Hacked: What do the seepled data show?

The partner of the notorious Lockbit-Ransomware-as-A-Service Group (RAAS) was hacked and contained, whereby a link to a MySQL database dump is offered that allegedly trapped data on the processes of the group:

The dark web -refiliate panel (source: help network security)

The violation was confirmed by Lockbitsupp – the Creator, Developer and Administrator of the Lockbit Ransomware Group – who played down the attack by saying that decliners, stolen company data and the ransomware source code were not compromised.

The dump of the Backend MySQL database was apparently generated on April 29, 2025 and contains:

• Almost 60,000 unique Bitcoin addresses / wallets
• User -defined versions of the ransomware that were created for certain attacks and the associated public keys
• Almost 4,500 negotiation news that are replaced by the ransomware operators and victims
• A list of 76 partners (ie user of the partner panel)

The infiltrated data helps the investigators

However, the speculation about the person or group behind the violation is about cyber security, but in cyber security, excitement can be felt due to the leaked data that – many have found, seems to be legitimate.

“Early analysis of the data itself shows that it is partly made up of” user data “for the attraction site, which with a fairly certainty relates to partners or administrators of the group. We have identified 76 users in the data whose user names and passwords are included in the leak,” said Luke Donovan.

“These user data will prove to be valuable for cyber security researchers, since we can learn more about the connected companies of Lockbit and their functionality. Within these 76 users, 22 users connected to you, which has made a messaging service in the hacking community. Hacking forums will be able to learn more about the group, for example the types of access that buy organizations. “

Christiaan Beek, Senior Director of Threat Analytics at Rapid7, found that the negotiating messages show how aggressive attraction is during the ransom negotiations.

It is not known how many of this ransom have been paid out, but the news offers a look at how attracted companies negotiate with victims and show that attracted companies attack with large and small and small organizations.

“In some cases, the victims were put under pressure to pay just a few thousand dollars. In other cases, the group demanded a lot more: 50,000, 60,000 US dollars or even $ 100,000,” emphasized Beek.

Lockbit crippled, but not crushed

The attractions suffered a big blow in 2024 when an international law enforcement company (“Operation Cronos”) took over its dark web -losing site and an additional infrastructure.

The law enforcement measures also led to the arrest and/or indictment of several attract -loving companies in Poland, Ukraine and Russia, the freezing of over 200 cryptocurrency accounts associated with the group and the server.

A few months later, the alleged identity of Lockbitsupp was announced, and a few months later, a person was charged that they allegedly developed software for the ransomware group.

Although it was hit hard, the Lockbit outfit was obviously managing this storm and continuing the operations and recruiting partners. The time will show whether this latest blow will lead to the threat players put the LockBit brand and set up a new criminal outfit.

Subscribe to our email alarm for the email to never miss the latest violations, weaknesses and cyber security threats. Subscribe to here!