LockBit, the infamous ransomware group, reportedly suffered a massive data breach on Wednesday. According to the report, the admin and affiliate panels of the group’s dark web platform were compromised to display a message and a link to a MySQL database dump. The database reportedly contains 20 tables that include sensitive information about the cybercriminal group’s affiliate network, extortion tactics, details about malware builds, as well as nearly 60,000 Bitcoin addresses. Notably, this is the second time the ransomware group has been hacked, with the previous attack occurring in 2024.
LockBit Hack Reveals Insights Into the Gang’s Workings
The data breach was first spotted by X (formerly known as Twitter) user Rey, who posted a screenshot of the admin panel. All of the admin and affiliate panels were reportedly taken over to display the message, “Don’t do crime[.]CRIME IS BAD xoxo from Prague.” The text is followed by the MySQL link “paneldb_dump.zip.”
According to a BleepingComputer report, the link leads to a MySQL file containing a large database. The data reportedly features 20 different tables, some of which revealed information about how the ransomware group functioned, as well as its malware builds.
One of the tables, labelled “btc_addresses,” reportedly features as many as 59,975 unique Bitcoin addresses. Another table, “builds,” is said to feature individual malware builds that were created by the group’s affiliates. These are said to be different versions of the same ransomware that the group used to attack others. Some of the builds reportedly also mentioned the names of the targeted companies. This table is also said to feature public keys for the builds, but no private keys. Private keys are necessary to access the ransomware.
Apart from this, the database reportedly featured a “builds_configurations” table that revealed information about the different configurations used for each version of the malware. The most interesting information, however, was reportedly contained in the “chats” table.
The table is said to contain 4,442 negotiation messages between the LockBit ransomware operators and victims. The messages were reportedly dated between December 19, 2024 and April 29. This record highlighted different extortion techniques used by the gang.
Further, a “users” table reportedly revealed the names of 75 admins and affiliates of the group. These names were said to belong to individuals who had access to the panels. Additionally, the table contained passwords used by the admins, stored in plaintext.
In a separate post, Rey shared a conversation with a LockBit operator, who goes by the username “LockBitSupp”, confirming the data breach. The operator stated that the source code of the ransomware and private keys were not lost during the hack. The group or individual behind the LockBit hack is currently not known.