Scammers who prey on the fears of individuals are high on my list of “most hated” cybercriminals, if I’m being honest, but they are not number one. That honour belongs to the organized ransomware gangs that have absolutely no qualms about attacking hospitals and blood banks, literally putting lives at risk in the pursuit of illicit profit. While offering to pay $250,000 for information on gang members, and law enforcement takedowns and trolling, undoubtedly have an impact when it comes to slowing the ransomware rampage, perhaps the biggest threat could come from inside the gang operations themselves.

The LockBit Ransomware Files

It is encouraging to see reports delving into the techniques and tactics used by ransomware groups such as Balloonfly, the Play malware via an exploited Windows zero-day vulnerability, as this can only help defenders protect organizations from future attacks. Threat intelligence is, and always has been, paramount to the fight against cybercrime. Thomas Jefferson wrote, in 1817, “that knowledge is power, that knowledge is safety, and that knowledge is happiness,” and I can’t help but be reminded of that today. I doubt, however, that members of the LockBit cybercrime group will find much safety or happiness in the knowledge that has just been leaked.

As confirmed by Lawrence Abrams at Bleeping Computer, the LockBit ransomware group has been hacked. The group’s “dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump,” Abrams said. A threat actor account on X, was first to spot the hack, and Abrams confirmed that the database itself contained almost 60,000 unique bitcoin wallet addresses as well as more than 4,400 negotiation messages between attackers and victims. Interestingly, there is also a table of admins and ransomware affiliate actors, including plaintext passwords.