
LockBit ransomware gang’s website compromised


Illustration: JMiks | Shutterstock

LockBit, one of the most notorious ransomware gangs, has been compromised by an unknown threat actor. Its dark website has been defaced with a message and a download link to a leaked SQL database containing information on the gang’s operations.

The message on the now-defaced LockBit site reads “Don’t do crime CRIME IS BAD xoxo from Prague.” Interestingly, an identical message was posted on the Everest ransomware group’s Tor site when it was compromised in April 2025. As was the case then, no cybercrime group has yet taken responsibility for the attack.

The leaked SQL file contains a ton of information on LockBit’s operations, including:

  • Conversations between LockBit and its victims
  • Custom ransomware builds
  • List of admins and affiliates with access to the affiliate panel
  • Bitcoin addresses linked to the group’s operations
  • References to encryption configurations and possibly even decryption keys

Infosecurity Magazine reports that several sources have stated the data dump covers attacks carried out between December 2024 and April 2025. LockBitSupp, the group’s administrator, has also reportedly confirmed the breach. However, they added that they’ve figured out the reason behind the attack and are doing a full rebuild. At the moment, LockBit’s source code and its decryptors are safe.

This could also be an undercover operation by a law enforcement agency. LockBit is consistently hassled by law enforcement agencies, and it was almost destroyed in 2024 when multiple law enforcement agencies launched Operation Cronos. The operation resulted in at least four arrests, nine of LockBit’s servers being taken down, its website coming under law enforcement control, and sanctions.

LockBit has bounced back since, and with big claims. The group claimed to have access to classified FBI information as recently as February 2025. Despite LockBitSupp’s claims, the leak could give law enforcement agencies the advantage they need to shut down the group for good.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
