WASHINGTON: The ransom-seeking cybercriminals behind the extortion group Lockbit appear to have suffered a breach of their own, according to a rogue post to one of the group’s websites and security analysts who follow the gang.
On Wednesday one of Lockbit’s darkweb sites was replaced with a message saying, “Don’t do crime CRIME IS BAD xoxo from Prague” and a link to an apparent cache of leaked data.
Reuters could not immediately verify the data, which appeared to capture chats between the hackers and their victims, among other things. But others who sifted through the material told Reuters it appeared authentic.
“It’s legit,” said Jon DiMaggio, the chief security strategist with the cybersecurity company Analyst1.
Christiaan Beek, senior director of threat analytics at cybersecurity firm Rapid7, agreed the leak “looks really authentic.” He said he was struck by how it showed Lockbit’s hackers hustling even for modest payouts from small businesses.
“They attack everyone,” he said.
Reuters could not immediately reach Lockbit or establish who had apparently leaked their data. Some darkweb sites associated with Lockbit appeared to be inoperative on Thursday, displaying a note saying they would be “working soon.”
Lockbit is one of the world’s most prolific cyber extortion gangs — diMaggio once called it “the Walmart of ransomware groups” — and it has survived past disruptions. Last year British and US officials worked with a coalition of international law enforcement agencies to seize some of the gang’s infrastructure. A few days later, the group defiantly announced it was back online, saying, “I cannot be stopped.”
Behind the bravado, diMaggio said this week’s hack was an embarrassment.
“I think it will hurt them and slow them down,” he said.
