Ransomware, Threat Intelligence

Data breach exposes LockBit ransomware gang

BleepingComputer reports that the LockBit ransomware operation has been impacted by a data breach resulting in the defacement of its admin panels to include a message with a link redirecting to an archive file, which threat actor Rey noted to have an SQL file from its affiliate panel's MySQL database.

Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds