Lockbit Cybercrime Gang Hit by Alleged Hack and Data Leak
The notorious ransomware group Lockbit appears to have been targeted in a breach of its own. A rogue message on one of the group’s dark web sites suggested that the extortionists may have been hacked, leaving their internal communications exposed.
“Crime Is Bad” Message Replaces Gang’s Website
On Wednesday, visitors to one of Lockbit’s known sites found it replaced by a message reading: “Don’t do crime. CRIME IS BAD xoxo from Prague.” The message included a link to what appeared to be leaked data, potentially revealing private chats between Lockbit’s operators and their victims.
Reuters has not independently verified the data. However, several cybersecurity experts who reviewed the materials believe it to be genuine.
“It’s legit,” said Jon DiMaggio, Chief Security Strategist at cybersecurity firm Analyst1.
Christiaan Beek, Senior Director of Threat Analytics at Rapid7, echoed the sentiment, describing the leak as “really authentic.” He noted that the conversations revealed how Lockbit pursued even modest ransoms from small businesses.
“They attack everyone,” he added.
Lockbit’s Dark Web Presence Disrupted
Some of the gang’s dark web sites appeared offline on Thursday, displaying a message stating they would be “working soon.” The group has not issued a statement, and it remains unclear who is behind the apparent breach.
Lockbit has long been considered one of the most prolific ransomware groups. DiMaggio once described it as “the Walmart of ransomware groups” due to its widespread operations and commercial-like structure.
A Blow to the Group’s Reputation
While Lockbit has previously recovered from major law enforcement actions—including a high-profile infrastructure takedown by UK and US agencies last year—this breach may damage its reputation within the cybercrime community.
Following past disruptions, the group quickly returned online, defiantly stating, “I cannot be stopped.” However, DiMaggio believes this latest event could do lasting harm.
“I think it will hurt them and slow them down,” he said, calling the hack an embarrassing setback.
with inputs from Reuters
