Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.
Ransomware, Threat Intelligence
Data breach exposes LockBit ransomware gang

BleepingComputer reports that the LockBit ransomware operation has been impacted by a data breach resulting in the defacement of its admin panels to include a message with a link redirecting to an archive file, which threat actor Rey noted to have an SQL file from its affiliate panel's MySQL database.
Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.
Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds