Cyber Defense Advisors

LockBit ransomware gang breached, secrets exposed

Oh dear, what a shame, never mind. 

Yes, it’s hard to feel too much sympathy when a group of cybercriminals who have themselves extorted millions of dollars from innocent victims have found themselves dealing with their own cybersecurity problem. 

And that’s just what has happened to the notorious LockBit ransomware gang, which has been given a taste of its own medicine. 

The infamous ransomware-as-a-service (RaaS) operation, which has been behind some of the highest-profile ransomware attacks in history, has itself been breached and had its secrets spilt for anybody to see. 

Earlier this week, an attacker breached the LockBit group’s infrastructure, defaced the interface used by its affiliates, and exposed an Aladdin’s cave of sensitive data in what must be considered a significant blow against one of the most prolific ransomware operations in recent years.

As Bleeping Computer reports, a threat actor known as “Rey” discovered that LockBit’s affiliate panels had been defaced and replaced with a link to a SQL database.

Alongside the link to the leaked database, a message left by the attackers reads: 

“Don’t do crime CRIME IS BAD xoxo from Prague”

The downloadable SQL database contains sensitive information about the criminal gang’s activities, including negotiations between LockBit and its victims, victim profiles (including their estimated revenue), Bitcoin addresses linked to LockBit, possible decryption keys, custom ransomware builds, and a list of 75 admins and affiliates. 

According to reports, the data appears to cover the ransomware group’s activities from December 2024 until the end of last month. 

Clearly, LockBit’s own cybersecurity was found to be as vulnerable as that of its corporate victims. This is not just embarrassing for LockBit; it could potentially have far-reaching consequences for its members and affiliates. Cybersecurity researchers and law enforcement agencies will be keen to burrow into the leaked information to see what it reveals about LockBit’s activities and tactics, whether it will help identify the gang’s affiliates, and whether it can be used to disrupt its operations further.

Perhaps most importantly of all, breaches like this undermine the credibility of LockBit and the trust its current and potential future collaborators will place in the group. The damage to LockBit’s reputation may deter future affiliates from associating with the group for fear of being exposed or arrested.

The news of the latest breach continues what has been a difficult time for LockBit in recent months. Last October, for instance, Europol announced a series of arrests and the seizure of servers used by the group.

A bounty of up to US $15 million is being offered for the identification or location of key individuals in the LockBit gang, and the arrest and/or conviction of anyone involved in its ransomware activities.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Fortra.

 
