One of the most notorious ransomware groups, LockBit, has reportedly been hacked, with its internal data leaked online.
According to the blockchain security firm SlowMist, a hacker, presumed to be from Prague, exposed more than 60,000 Bitcoin addresses, along with 75 user credentials and ransom negotiation logs.
The breach also revealed access to a PHP-based management platform used by LockBit. According to SlowMist analysts, the hacker took advantage of a vulnerability in PHP to seize control of LockBit’s management system. This enabled them to obtain sensitive information, thus raising concerns regarding the group’s security measures.
LockBit acknowledged the severity of the attack, but downplayed its impact. In an official statement, the platform admitted the breach and confirmed that no decryptors were lost and the critical company data was not affected. Nevertheless, the platform admitted that the breach would damage the forum’s reputation.
Moreover, the group stated that their source code was still safe even after the incident, and reported that recovery efforts were already in process. In an unprecedented step, the group even posted a bounty to identify the hacker, despite the U.S. government previously offering up to $15 million for information about LockBit operatives.
This attack highlights the vulnerabilities of even the most recognized cybercriminal organizations. Although ransomware gangs are infamous for their abilities in cybersecurity, this event demonstrates that a system can be incapable of resisting hacks.
As the investigations continue, it is unclear to what extent this incident will impact LockBit’s operations. The leakage can set back the group’s current activities, but the chances of its complete recovery remain uncertain.
With law enforcement agencies keeping a close watch on the situation, the future of LockBit as a premier ransomware group now hangs in the balance.
