Dissent@DataBreaches.Net
//
The LockBit ransomware group, a major player in the Ransomware-as-a-Service (RaaS) sector, has suffered a significant data breach. On May 7, 2025, the group's dark web affiliate panels were defaced, revealing a link to a MySQL database dump containing sensitive operational information. This exposed data includes Bitcoin addresses, private communications with victim organizations, user credentials, and other details related to LockBit's illicit activities. The defacement message, "Don't do crime CRIME IS BAD xoxo from Prague," accompanied the data leak, suggesting a possible motive of disrupting or discrediting the ransomware operation.
The exposed data from LockBit's affiliate panel is extensive, including nearly 60,000 unique Bitcoin wallet addresses and over 4,400 victim negotiation messages spanning from December 2024 through April 2025. Security researchers have confirmed the authenticity of the leaked data, highlighting the severity of the breach. The LockBit operator, known as "LockBitSupp," acknowledged the breach but claimed that no private keys were compromised. Despite previous setbacks, such as the "Operation Cronos" law enforcement action in February 2024, LockBit had managed to rebuild its operations, making this recent breach a significant blow to their infrastructure.
Analysis of the leaked information has uncovered a list of 20 critical Common Vulnerabilities and Exposures (CVEs) frequently exploited by LockBit in their attacks. These vulnerabilities span multiple vendors and technologies, including Citrix, PaperCut, Microsoft, VMware, Apache, F5 Networks, SonicWall, Fortinet, Ivanti, Fortra, and Potix. Additionally, the leaked negotiations revealed LockBit’s preference for Monero (XMR) cryptocurrency, offering discounts to victims who paid ransoms using this privacy-focused digital currency. Ransom demands typically ranged from $4,000 to $150,000, depending on the scale of the attack.
References :
- DataBreaches.Net: CoinPedia reports: “Don’t do crime. CRIME IS BAD. xoxo from Prague.” That’s the message left behind after hackers gave LockBit – a ransomware gang known for extorting millions. Yes, they just got a brutal taste of their own medicine.
- Metacurity: All of the ransomware gang's admin panels now state. "Don't do crime CRIME IS BAD xoxo from Prague," with a link to download a "paneldb_dump.zip." LockBit ransomware gang hacked, victim negotiations exposed
- Searchlight Cyber: Searchlight’s threat intelligence team shares their early observations from the LockBit data leak On May 7 2025 it was reported that the dark web affiliate panel of the Ransomware-as-a-Service (RaaS) group LockBit has been hijacked.
- www.bitdegree.org: LockBit Hacked: 60,000 Bitcoin Addresses and 4,400 Ransom Chats Go Public
- BleepingComputer: The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump.
- hackread.com: LockBit’s dark web domains were hacked, exposing internal data, affiliate tools, and over 60,000 Bitcoin wallets in a…
- Davey Winder: 60,000 Bitcoin Wallets Leaked As LockBit Ransomware Hackers Get Hacked
- www.it-daily.net: LockBit hacker group was hacked
- socradar.io: LockBit Hacked: 60,000 Bitcoin Addresses Leaked
- securityaffairs.com: The LockBit ransomware site was breached, database dump was leaked online
- slcyber.io: Early Analysis of the LockBit Data Leak
- hackread.com: LockBit’s Dark Web Domains Hacked, Internal Data and Wallets Leaked
- The DefendOps Diaries: LockBit Ransomware Gang Hacked: Internal Operations Exposed
- www.scworld.com: Data breach exposes LockBit ransomware gang
- www.itpro.com: LockBit ransomware group falls victim to hackers itself
- Help Net Security: LockBit Hacked: What does the leaked data show?
- Talkback Resources: Valuable information leaked from LockBit ransomware operation's administration panel, revealing details on affiliates, ransom negotiations, and potential infighting within the cybercriminal community.
- ComputerWeekly.com: reports analysis of the LockBit 3.0 data leak
- Tech Monitor: Ransomware group LockBit faces breach, affiliate data exposed
- www.tripwire.com: LockBit ransomware gang breached, secrets exposed
- cybersecuritynews.com: The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations.
- bsky.app: LockBit Ransomware Gang Breached, Secrets Exposed
- OODAloop: LockBit ransomware group was hacked, exposing internal operations data, potentially affecting future operations.
@itpro.com
//
Advanced Computer Software Group, an NHS software supplier, has been fined £3 million by the Information Commissioner's Office (ICO) for security failures that led to a disruptive ransomware attack in 2022. The ICO determined that Advanced Computer Software Group failed to implement appropriate security measures prior to the attack, which compromised the personal information of tens of thousands of NHS patients. The LockBit ransomware group was identified as the perpetrator, gaining access through a customer account lacking multi-factor authentication (MFA).
Personal information belonging to 79,404 people was taken in the attack, including instructions for carers on how to gain entry into the properties of 890 people who were receiving care at home. The stolen data included checklists for medics on how to get into vulnerable people's homes. The ICO cited gaps in applying MFA policies across the organization, a lack of vulnerability scanning, and inadequate patch management as the primary facilitators of the attack.
References :
- bsky.app: NHS provider Advanced has been fined £3m by ICO for security failures that led to the hugely disruptive ransomware hack in 2022. One shocking new detail - not only was personal info of 79k people taken - it included instructions for carers on how to gain entry into 890 patient's homes.
- The Register - Security: Data stolen included checklist for medics on how to get into vulnerable people's homes The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.
- techcrunch.com: NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed.
- www.itpro.com: The Information Commissioner's Office (ICO) said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.
- DataBreaches.Net: The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a ransomware attack affecting NHS care. This is nearly half the fine the Information Commissioner’s Office provisionally floated...
- www.cybersecurity-insiders.com: NHS LockBit ransomware attack yields £3.07 million penalty on tech provider
- www.bleepingcomputer.com: UK fines software provider £3.07 million for 2022 ransomware breach
- The DefendOps Diaries: Understanding the 2022 NHS Ransomware Attack: Lessons and Future Preparedness
- Tech Monitor: UK ICO fines Advanced Computer Software £3m after NHS data breach
- www.scworld.com: Advanced slapped with almost $4M fine after LockBit hack
Pierluigi Paganini@Security Affairs
//
The LockBit ransomware group, known for impacting numerous organizations globally, has faced a significant development with the extradition of Rostislav Panev to the United States. Panev, a dual Russian-Israeli national, is suspected of being a key developer for the LockBit ransomware operation. He was apprehended in Israel last August, where authorities discovered incriminating evidence on his laptop, including credentials for LockBit's internal control panel and source code for LockBit encryptors and the gang's StealBit data theft tool.
Panev is accused by the U.S. Department of Justice of developing LockBit's ransomware encryptors and StealBit, with activities spanning from June 2022 to February 2024. The LockBit ransomware group has been active since 2019, impacting over 2,500 victims across 120 countries. The extradition signifies a major step in holding individuals accountable for their roles in facilitating the widespread damage caused by LockBit ransomware.
References :
- securityaffairs.com: The LockBit ransomware group has impacted over 2,500 victims in 120 countries.
- BleepingComputer: LockBit ransomware operator Rostislav Panev was extradited to the US, admitting to development and maintenance of the malware and providing technical guidance to the group.
- www.scworld.com: The LockBit ransomware group has been active since 2019 and has impacted over 2,500 victims in 120 countries, causing significant financial damage.
Lorenzo Franceschi-Bicchierai@techcrunch.com
//
Rostislav Panev, a dual Russian-Israeli national suspected of being a key developer for the notorious LockBit ransomware operation, has been extradited to the United States. Panev was arrested in Israel in August 2024 following a U.S. provisional arrest request and has now made an initial appearance before a U.S. magistrate, where he was detained pending trial. U.S. authorities allege that Panev played a crucial role in developing the LockBit ransomware from its inception around 2019 through February 2024.
Panev is accused of developing code and maintaining infrastructure for LockBit. The U.S. Department of Justice (DoJ) stated that Panev and his co-conspirators grew LockBit into one of the most active and destructive ransomware groups globally. LockBit operators and affiliates have extracted at least $500 million in ransom payments from victims, causing billions of dollars in lost revenue and recovery costs. The complaint against Panev follows charges brought against other LockBit members, including its alleged primary creator, developer, and administrator, Dmitry Yuryevich Khoroshev, for whom the U.S. is offering a reward of up to $10 million.
References :
- bsky.app: A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges.
- techcrunch.com: The US Department of Justice announced that Rostislav Panev, who developed code and maintained infrastructure for LockBit, is now in U.S. custody.
- : US authorities have extradited Rostislav Panev on charges of being a developer of the notorious LockBit ransomware
- securityaffairs.com: LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
- BleepingComputer: Suspected LockBit ransomware dev extradited to United States
- The DefendOps Diaries: International Cooperation in Combating Cybercrime: The Extradition of Rostislav Panev
- thecyberexpress.com: Alleged LockBit Ransomware Developer Extradited to U.S. to Stand Trial
- DataBreaches.Net: Dual Russian And Israeli National Extradited To The United States For His Role In The LockBit Ransomware Conspiracy
- The Hacker News: Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
- The Record: Rostislav Panev, who was arrested in Israel in August 2024 on U.S. charges related to dozens of LockBit ransomware attacks, has been extradited and appeared in a New Jersey federal court, authorities said.
- securityonline.info: Major LockBit Ransomware Developer Extradited to U.S.
- hackread.com: LockBit Developer Rostislav Panev Extradited from Israel to the US
- Talkback Resources: Ransomware Developer Extradited, Admits Working for LockBit [mal]
- www.it-daily.net: LockBit ransomware developer extradited to the USA
- www.scworld.com: US extradites alleged LockBit developer
- www.itpro.com: Alleged LockBit developer extradited to the US