Summary: On May 7, 2025, the LockBit ransomware operation suffered a major blow when unknown actors defaced its dark web infrastructure, replacing the usual content with a provocative message: “Don’t do crime CRIME IS BAD xoxo from Prague.” Accompanying the message was a link to download a file titled “paneldb_dump.zip,” which contained a MySQL database dump from LockBit’s affiliate management panel. This 20-table database provides an unusually detailed glimpse into the group’s internal operations. Among the contents were 59,975 unique bitcoin addresses used in ransom payment transactions, records of ransomware builds created by affiliates (some of which named specific targeted companies), and configuration files outlining which systems or file types were to be encrypted or excluded during attacks. Perhaps most revealing was a “chats” table documenting 4,442 extortion-related messages exchanged between LockBit operatives and their victims between December 19, 2024, and April 29, 2025. The leak also exposed a “users” table listing 75 LockBit administrators and affiliates, including their usernames and passwords stored in plaintext (e.g. “Weekendlover69” and “MovingBricks69420”), underscoring the group’s lax security practices.
Security Officer Comments: ‘LockBitSupp,’ a key operator within the LockBit ransomware group, has confirmed the breach, asserting that no private encryption keys were exposed and that neither decryptors nor stolen company data were compromised. In response, the group has offered a bounty for information leading to the identification of the Prague-based hacker responsible for the intrusion. Based on the timestamps in the MySQL database and the most recent negotiation records, the breach appears to have taken place on or shortly after April 29, 2025.
This incident represents not only a technical compromise of LockBit’s infrastructure but also a significant reputational and strategic blow to the ransomware group. The exposure of internal infrastructure, operational tactics, and affiliate credentials may erode trust within the group’s criminal network and deter future collaborators. Furthermore, the detailed data contained in the database dump could prove invaluable to law enforcement agencies, offering leads for attribution, aiding in the identification of victims, and enabling further takedowns of affiliated actors and infrastructure.
Link(s): https://www.bleepingcomputer.com/ne...ware-gang-hacked-victim-negotiations-exposed/