- Broadcom allegedly sends demand letters to perpetual VMware license holders
- The Nvidia Shield TV just got a long-awaited update - including these bug fixes
- This quiet AI upgrade actually changed my life
- I tested this $1,200 PTZ camera that's got creators buzzing, and it didn't let me down
- The best Roku TVs of 2025: Expert tested and recommended
LockBit Ransomware Hacked, Insider Secrets Exposed
LockBit, one of the most notorious and prolific cybercrime groups, has been compromised, handing law enforcement and threat intelligence experts a trove of critical insider information.
On May 7, a cyber threat actor known as “Rey” on X discovered that LockBit’s dark web affiliate panels had been defaced and replaced with a message and a download link to a leaked SQL database.
The message read: “Don’t do crime CRIME IS BAD xoxo from Prague.”
The link led to an SQL file containing information on LockBit’s ransomware operations, including:
- Internal chats between LockBit and its victims
- Detailed victim profiles including domains, estimated revenue
- Custom ransomware builds
- Bitcoin addresses linked to LockBit’s operations
- References to encryption configurations and possible decryption keys
- A list of 75 admins and affiliates who had access to the affiliate panel
According to several sources, the data dump seems to cover the ransomware group’s activities from December 2024 to the end of April 2025.
In an alleged Tox conversation with Rey, LockBitSupp, LockBit’s main administrator, whose suspected identity has been revealed as Dmitry Yuryevich Khoroshev, confirmed the hack.
However, he claimed that neither LockBit’s source code nor any of its decryptors had been leaked and that “no stolen company data [was] damaged.”
Read more: Operation Cronos: Who Are the LockBit Admins?
Lockbit Leak: A Trove of Data for Cyber Defenders
The cyber threat intelligence community quickly reacted to the news, with security research collective Vx-underground confirming the data dump’s legitimacy on X.
Speaking to Infosecurity, Alon Gal, CEO of Hudson Rock, confirmed that the data exposed by the unknown leaker was authentic and had been validated by Hudson Rock’s research.
Gal has subsequently launched LockBitGPT, a ChatGPT-based assistant designed to help threat intelligence researchers sort through vast amounts of data.
Valery Riess-Marchive, a French cybersecurity journalist and maintainer of Ransomch.at, a repository of ransomware negotiation chats, said he was working on redacting some victim data from the LockBit chat dump in order to add these logs to his site.
“This clustering will be interesting when studying negotiation patterns,” he said on LinkedIn.
The LockBit data dump could be a game-changer for cyber defenders. The exposed data is expected to:
- Shed light on LockBit’s current activity level
- Enable security researchers to map LockBit’s campaigns and track affiliates
- Allow researchers to adjust previous attack date assessments using the build dates
- Help law enforcement with attribution and Bitcoin wallet tracing
- Provide victims with visibility into their own breach or potential future ones
This data leak comes on the heels of a significant setback for LockBit, which was targeted by a worldwide law enforcement operation in 2024 that severely impacted the group’s operations.
