LockBit Ransomware Breach Reveals Group Operations

Hackers breached the LockBit ransomware gang's dark web affiliate panels, leaving an anti-cybercrime message and leaking a MySQL database with nearly 60,000 Bitcoin wallet addresses, internal chat logs, and affiliate credentials. Cybersecurity experts have confirmed the authenticity of the data, which also contains over 4,400 victim negotiation messages, ransomware build configurations, and a list of 75 admins and affiliates with plaintext passwords. While LockBit’s operator denied the leak of private keys or highly sensitive data, analysts say the breach could aid law enforcement in tracing ransom payments and understanding LockBit's operations. The breach was first reported by a threat actor named Rey and examined by multiple security teams. It offers unprecedented insight into the group's extortion tactics and financial flows, exposing vulnerabilities and internal risks for ransomware gangs. The attack shares similarities with a recent breach of the Everest ransomware group, suggesting a possible connection.