LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid
The LockBit ransomware group, a major player in global cybercrime, experienced a significant breach on May 7, 2025, when attackers exploited a vulnerability in PHP 8.1.2 (CVE-2024-4577) to deface its dark web infrastructure and leak sensitive data. The breach exposed nearly 60,000 Bitcoin wallet addresses, over 4,400 negotiation messages with victims, details of custom ransomware builds, and plaintext passwords of 75 administrators and affiliates. This incident follows previous disruptions to LockBit's operations, including law enforcement actions under "Operation Cronos" in February 2024. The leaked data provides valuable intelligence for law enforcement and cybersecurity professionals, offering insights into LockBit's financial operations, extortion tactics, and ransomware-as-a-service model. While LockBit attempted to downplay the incident, the breach is likely to undermine the group's credibility, operational capabilities, and reputation among its affiliates.