Life is crazier than the best of the crime thrillers and at times can send chill down the spine of the best in trade criminals. As we move from physical to cyber crimes, anybody who even knows a bit about the earth shattering ransomware attacks and its gangs, would have certainly heard about the LockBit ransomware gang. LockBit is one of the world’s most prolific cyber extortion gangs, DiMaggio, Chief Security Analyst at Analyst1 once called it “the Walmart of ransomware groups.” It has survived many past disruptions.
As the story goes, the master of trade, the blue eyed boy of the ransomware gangs, LockBit has been hacked. In early May 2025, LockBit’s dark web infrastructure was compromised. The attackers defaced the group’s affiliate panels with a message stating, “Don’t do crime CRIME IS BAD xoxo from Prague,” and it also provided a link to a leaked database containing sensitive information. It was made known in a rogue post to one of the group’s websites. Reuters could not immediately verify the data. Others who sifted through the material told Reuters it appeared authentic.
“It’s legit,” said Jon DiMaggio. Reuters could not immediately reach LockBit or was able to establish who had apparently leaked their data. When some researchers checked up dark web sites associated with LockBit, some appeared to be inoperative on Thursday, displaying a note saying they would be “working soon.” The breach exposed a wealth of internal data including; bitcoin wallet addresses, private encryption keys, chat logs between LockBit and its victims, affiliate user information and credentials, victim negotiation records etc. The data dump could give a deep dive into LockBit’s operations.
The knowledge filtered out of the data dump may aid cyber security experts and law enforcement in mitigating the group’s impact. US and British officials last year through a coalition of international law enforcement agencies seized some of the gang’s infrastructure. A couple of days later the group defiantly announced online, “I cannot be stopped.” Resilience is LockBit’s second skin but this recent breach has dealt a significant blow to its credibility and operational security. This is bound to have a much more lasting impact.
IF A TOP RANSOMWARE GROUP IS HACKED, THEN WHAT IS LEFT OF IT?
Sanjay Sahay
Have a nice evening.