BleepingComputer reports that the LockBit ransomware operation has been impacted by a data breach resulting in the defacement of its admin panels to include a message with a link redirecting to an archive file, which threat actor Rey noted to have an SQL file from its affiliate panel's MySQL database.
Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.
Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19 and April 29, a "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access, as well as the "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations. Such a breach, which was confirmed by LockBit operator LockBitSupp to not have led to any private key exposure or data loss, comes after the ransomware gang recovered from an international law enforcement effort that disrupted its infrastructure.
