The Russian hacking group LockBit has itself been hacked. A database containing secret internal information has been leaked.
LockBit has had a taste of its own medicine. A database containing alleged chat conversations and sensitive internal operational information has been leaked by an unknown actor, presumably from the Czech Republic. This can be deduced from the message the actor placed with a download link: ‘Don’t do crime CRIME IS BAD xoxo from Prague’.
In addition to chat conversations between the hackers, the database contains other sensitive data, such as 60,000 unique Bitcoin addresses, conversations between LockBit and its victims, and ransomware code. The leak thus provides a unique insight into how LockBit operates and could be a potential ‘gold mine’ for law enforcement, writes Cybersecuritynews. For example, ransom payments can be traced through the Bitcoin wallets. Security experts confirm the authenticity of the leaked database.
Hackers themselves don’t always appear to apply the best security practices. LockBit allegedly stored the passwords of 75 accounts involved in the organization in plain text: a painful blunder of the kind the hackers themselves would mercilessly punish.
Fallen Superpower
Internal conflicts in the hacker community are not uncommon, but until two years ago, it was unthinkable that anyone would dare to attack LockBit. The Russian group was still at the top of the ransomware chain in 2023 and, at its peak, was responsible for nearly half of ransomware attacks worldwide. LockBit claimed victims globally.
This changed last year when a large-scale international police operation curtailed LockBit’s activities. The group came back quickly, but in the hacking world, reputation is everything. LockBit’s reputation had taken a significant hit due to the police action, causing the group to lose much of its influence. This hack will cause LockBit to fall even further from its pedestal. An international arrest warrant has been out for the alleged leader of the group, Dmitry Yuryevich Khoroshev, since May 2024, but Russia is not in the habit of extraditing its citizens to Western countries.
To save face to some extent, LockBit is trying to downplay the incident. The group reportedly sent out a message stating that ‘no decryptor or business data has been affected’. LockBit even promises a reward for information about the perpetrator of the attack.