Tuesday, January 21, 2025

Prague Hackers Compromise LockBit: How a PHP Vulnerability Unleashed Chaos

Prague hackers exploit a PHP vulnerability to breach LockBit, leaking over 60,000 Bitcoin addresses and prompting the group to offer a reward for information on the hackers.

Yahya Raza

Syed Yahya Raza Sherzai is a crypto news writer known for his in-depth analysis and timely reporting on blockchain technology, cryptocurrency markets, and decentralized finance (DeFi). With a keen eye for emerging trends and regulatory developments, Sherzai has established himself as a trusted voice in the cryptocurrency space.
  • The LockBit ransomware gang suffers its biggest breach, exposing over 60,000 Bitcoin addresses and internal data.
  • SlowMist analysts hypothesise that hackers from Prague compromised LockBit’s backend systems through a PHP vulnerability.
  • Following the hack, LockBit offers a reward for information about the attackers, in contrast to previous U.S. reward offers for information on its members.

The highly active ransomware gang known as LockBit recently suffered a hack. A hacker or group supposedly based in Prague reportedly compromised the group’s dark web panel and leaked some of its information. The compromised data consists of more than 60 thousand Bitcoin addresses, 75 user identifiers, and chats from ransom negotiations. The attack also affected LockBit’s internal infrastructure, including its Bitcoin wallets.

Analysts at the blockchain security firm SlowMist discovered the data leak and informed users about it in a blog post published on Thursday. They obtained a large number of indicators in the form of Bitcoin addresses, among which were several addresses related to ransom payments. One entry indicated that a ransom payment had been made through a Coinbase account. That so much personal information leaked demonstrates the extent of the cyber attack.

Source: SlowMist

LockBit PHP Vulnerability Exploit

SlowMist analysts think that the hacker used a vulnerability in LockBit’s PHP-based management panel as the point of entry. They suggested that this could have been a 0-day exploit (against a flaw with no patch available) or a 1-day exploit (against a flaw that is publicly known but not yet patched on the target). That gave the attackers access to the backend systems of the web application.

The panel was a lightweight management platform and was instrumental in monitoring the running of the organization. The hack has raised security questions about even as highly developed a criminal organization as LockBit and demonstrated that it, too, has vulnerabilities.

In response to the breach, LockBit claimed through its official dark web service channel that only the credentials of the management console were stolen and that no sensitive data or decryptors were leaked.

Source: SlowMist

However, the group admitted that the hack had damaged its reputation. LockBit stated that recovery was in progress, though it could not hide the fact that the attack affected its operations and reputation.

LockBit Offers Cyber Bounty

After being hacked, LockBit has joined the list of ransomware groups offering a bounty for identifying the cybercriminals involved. This move is quite staggering, considering that the U.S. government had offered a $15 million reward to anyone with information on LockBit members. The group, which is powerful and has affected many parts of the world in recent times, is now working hard to track the individuals who breached its network.

This event shows that even the most professional ransomware groups can be targeted by other cybercriminals. Further exposure of LockBit’s internal systems could bring more details to light, which would strengthen efforts to counter cybercrime. It is unclear what the long-term implications of this hack are, but it is undeniable that it was a turning point in the battle against ransomware.
