LockBit, one of the most well-known ransomware-as-a-service (RaaS) groups, suffered a serious security breach that exposed around 60,000 Bitcoin addresses.
On May 8, blockchain security company SlowMist reported that hackers exploited a PHP 0-day vulnerability to gain unauthorized access to LockBit’s back-end systems and management consoles.
SlowMist pointed out that the hack led to the leak of compressed files containing sensitive data. Other information exposed in the breach includes private keys, internal chat records, and details of related entities. The hacker left a message on the website:
“Don’t commit criminal crimes Bad crimes are bad Xoxo in Prague.”
In a message to threat researcher Rey, LockBit said that only wallet addresses and chat logs were published as a result of the attack. The group claimed that no people or source code were stolen in the breach.
Meanwhile, SlowMist used the MistTrack system to trace one of LockBit’s Bitcoin wallet addresses.
The company reported that the transaction trail was clearly visible and led directly to known crypto exchanges. This suggests that the attacker may be trying to cash out or launder already stolen funds.
LockBit offers a bounty
LockBit reportedly revealed that only a lightweight admin panel was compromised. It emphasized that core tools such as the locker builder, decryptors, and source code remain safe.
Despite this claim, the breach deals a major blow to the criminal group’s credibility among affiliates and clients.
In a surprising twist, LockBit offered a bounty for information about the hackers. The group claims that the attacker could be someone based in Prague who goes by “xoxo.”
The platform states:
“If I can provide accurate and reliable information about this person’s identity, I’ll be happy to pay for it.”
Because LockBit is itself a target of the US government’s bounty program, the offer carries a hint of irony.
US authorities have accused the group of carrying out more than 2,500 ransomware attacks in more than 120 countries. Nearly 1,800 of these victims were reportedly based in the US.
The Justice Department claims that the LockBit group extorted over $500 million in ransom payments, with the total reaching billions once losses, recovery and downtime are factored in.