LockBit Ransomware Site Hacked, Database Dump Leaked

The LockBit ransomware gang’s dark web leak site was breached, with attackers defacing the portal and leaking a MySQL database tied to its affiliate backend infrastructure. A message reading “Don’t do crime — CRIME IS BAD xoxo from Prague” replaced the homepage, alongside a link to the database dump. LockBit’s operator, known as LockBitSupp, confirmed the breach in a private exchange with another threat actor, stating no private keys or data were lost.

Analysis by BleepingComputer revealed the database contained 20 tables, including 4,442 victim chat logs, plaintext passwords, Bitcoin wallet addresses, and build configurations. Only 44 user accounts were tied to encryptor builds, with 30 active at the time. Cybersecurity experts noted the dump included over 60,000 BTC addresses and ransom demands ranging from $50,000 to $1.5 million. The top victim domains originated from Ethiopia, Colombia, Japan, Brazil, Taiwan, the Philippines, and France. The identity of the attackers remains unknown.