LockBit’s Ransomware Operations Exposed in Major Breach

LockBit, a known ransomware group, has suffered a significant cybersecurity incident. Hackers defaced its affiliate admin panels and exposed sensitive internal data.

All LockBit panels now display the phrase “Don’t do crime CRIME IS BAD xoxo from Prague.” The message includes a link to a ZIP file titled paneldb_dump.zip. This file contains an SQL database dump from the group’s affiliate portal.

What the Leaked Database Contains

The archive includes 20 tables from LockBit’s MySQL backend. Each table provides insights into the group’s internal operations:

  • Bitcoin Wallets: Nearly 60,000 BTC addresses used by the gang.
  • Builds Data: Includes public keys, build configurations, and partial target lists.
  • Chat Logs: Over 4,000 ransom negotiation messages from December 2024 to April 29, 2025.
  • Users List: 75 affiliates and admins with panel access. Plaintext passwords were exposed.

Cybersecurity analyst Michael Gillespie noted the poor security practices, including weak and explicit passwords such as “Weekendlover69” and “Lockbitproud231.”

No Decryption Keys Leaked, Says LockBitSupp

In a conversation via Tox, a LockBit representative confirmed the breach. However, they claimed no private keys or stolen victim data were lost in the hack.

The SQL dump’s timestamp and the chat log entries indicate the breach occurred around April 29, 2025. It’s still unknown how access was gained, but the defacement mirrors that of a previous attack on the Everest ransomware group.

LockBit’s Tumultuous History with Law Enforcement

In 2024, a joint task force under “Operation Cronos” dismantled LockBit’s infrastructure. Authorities seized 34 servers, data leak sites, cryptocurrency wallets, and thousands of decryption keys.

Despite rebuilding its platform, LockBit has now faced another setback. This breach compounds reputational damage from prior takedowns.

What This Means for Ransomware Networks

The leak could destabilize affiliate trust in LockBit’s leadership. It also raises the risk of further law enforcement scrutiny.

LockBit now joins other ransomware gangs, like Conti and Black Basta, whose backend data has been publicly exposed. While it’s uncertain whether this event signals the group’s collapse, the incident represents a new blow to its operations.
