- LockBit's dark web affiliate panels have been defaced
- A message saying "don't do crime" was left instead
- The attackers leaked chat logs between LockBit's affiliates and victims
The infamous LockBit ransomware group has suffered yet another cyberattack and data breach that has seen its dark web affiliate panels defaced, and some sensitive data leaked.
BleepingComputer reports following the incident, all of the group’s panels are now showing a single message: “Don’t do crime CRIME IS BAD xoxo from Prague.”
They also hold a link to download an archive named “paneldb_dump.zip”, which was first spotted by another threat actor called Rey, who confirmed the archive contained an SQL file dumped from the site affiliate panel’s MySQL database. LockBit also allegedly confirmed the authenticity of the breach to them, as well.
Chats leaked
Apparently, the phpMyAdmin SQL dump showed that the server was running PHP 8.1.2, vulnerable to a critical flaw, tracked as CVE-2024-4577, which is known to have been exploited in the wild.
The archive contains a fair bit - almost 60,000 unique bitcoin addresses, individual encryptor builds developed by affiliates, public keys (but no private keys), victim names, and chat messages of communications between the attackers and the victims, generated between December 19, 2024 and April 29, 2025.
No one took responsibility for the attack just yet. BleepingComputer speculates this might have been the work of the same people who recently broke into Everest’s ransomware dark web site, since the defacement messages were similar in both cases.
This is not the first time LockBit has been attacked. In February 2024, the group had its website and data seized by the authorities as part of “Operation Cronos”. The group took a week to bounce back, but the law enforcement managed to obtain plenty of information not just about the group, but about its affiliates as well.
This led to several arrests connected to the group, including two individuals in Poland and Ukraine, one in France, and two in the UK.
The US Department of Justice also unsealed indictments against Russian nationals Artur Sungatov and Ivan Kondratyev (also known as "Bassterlord") for deploying LockBit ransomware, both of whom are currently in custody and awaiting trial. Finally, an administrator of a bulletproof hosting service used by LockBit was detained in Spain.
Via BleepingComputer
You might also like
- Fortinet firewall bugs are being targeted by LockBit ransomware hackers
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
