Finance
Ransomware group Lockbit appears to have been hacked, analysts say
Published by Global Banking and Finance Review
Posted on May 8, 2025
2 min readLast updated: January 23, 2026
Global Banking and Finance Review
Company
Published by Global Banking and Finance Review
Posted on May 8, 2025
2 min readLast updated: January 23, 2026
Lockbit ransomware group reportedly hacked, with leaked data appearing authentic. Analysts confirm breach details as Lockbit's sites go offline.
By Raphael Satter
WASHINGTON (Reuters) -The ransom-seeking cybercriminals behind the extortion group Lockbit appear to have suffered a breach of their own, according to a rogue post to one of the group's websites and security analysts who follow the gang.
On Wednesday one of Lockbit's darkweb sites was replaced with a message saying, "Don't do crime CRIME IS BAD xoxo from Prague" and a link to an apparent cache of leaked data.
Reuters could not immediately determine the authenticity of the data, which appeared to capture chats between the hackers and their victims, among other things. But others who sifted through the material said it appeared legitimate.
"The leaked information looks real," said Christiaan Beek, the senior director of threat analytics at cybersecurity firm Rapid7. In a message posted to LinkedIn on Thursday, he said he was struck by how aggressively Lockbit's hackers appeared to hustle even for relatively small payouts.
"In some cases, victims were pressured to pay just a few thousand dollars," he said.
Reuters could not immediately reach Lockbit or establish who had apparently leaked their data. Some darkweb sites associated with Lockbit appeared to be inoperative on Thursday, displaying a note saying they would be "working soon."
Lockbit is one of the most prolific ransomware gangs operating online - one analyst called it "the Walmart of ransomware groups" - and it has survived past disruptions. Last year British and U.S. officials worked with a coalition of international law enforcement agencies to seize some of the gang's infrastructure. A few days later, the group defiantly announced it was back online, saying, "I cannot be stopped."
(Reporting by Raphael Satter; editing by Edward Tobin)
The Lockbit ransomware group appears to have suffered a breach, as indicated by a rogue post on one of their darkweb sites.
The message stated, 'Don't do crime CRIME IS BAD xoxo from Prague' and included a link to what seemed to be leaked data.
Experts, including Christiaan Beek from Rapid7, believe the leaked information looks real, capturing chats between hackers and their victims.
Lockbit is recognized as one of the most prolific ransomware gangs, often compared to 'the Walmart of ransomware groups.'
Some victims were reportedly pressured to pay just a few thousand dollars, as indicated by the leaked communications.
Explore more articles in the Finance category
