Home > Security > Security News

LockBit Ransomware Gang Affiliates Breached, Victim Negotiations Exposed

Published on May 8, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Hackers Fight
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google

The LockBit ransomware gang, notorious for its prolific cyberattacks, suffered a breach of its affiliate forums and databases, which exposed critical operational details. The attack targeted LockBit’s dark web affiliate panels.

Attackers defaced the site with a message reading, “Don’t do crime CRIME IS BAD xoxo from Prague,” alongside a link to a MySQL database dump file. The same message was seen on the defaced leak site of the Everest Ransomware gang in April 2025.

LockBit defacement message
LockBit defacement message | Source: Rey on X

The leaked data reveals various internal operations, including:

Affiliate panel 'chats' table
Affiliate panel 'chats' table | Source: BleepingComputer

Known for its global footprint of operations, Everest ransomware is a Russia-linked threat actor responsible for numerous data breaches targeting enterprises and government organizations. 

The LockBit server was running PHP version 8.1.2, which is exposed to the critical vulnerability CVE-2024-4577. This exploit allows remote code execution, making it a likely vector used by the attackers.

The LockBit operator, known as "LockBitSupp," confirmed that affiliate panels were indeed hacked but claimed that no private keys or critical operational data were leaked. Despite these assurances, the timing of the database dump and its public exposure undermine the gang’s reputation and operational secrecy.

This development added another layer to the challenges already faced by the group following law enforcement actions in recent years.

Add a Comment
Related
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized
Hacker - Formal - Employee - Insider - Office
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case
ambulance
Bell Ambulance Breach Exposes Almost 240,000 Patients’ Data, Medusa Ransomware Claims Incident
2023 FBI Server Breach Exposed Epstein Investigation Files in an ‘Isolated Cyber Incident’
Stryker Cyberattack Wipes Employee Devices, Handala Claims Closing Almost 80 Offices Belonging to the US Medical Giant 
An abstract image of a data breach settlement with digital currency symbols representing compensation
Cadence Bank Reaches $5.25 Million MOVEit Data Breach Settlement with Claims up to $10,000
Most Popular
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized
Hacker - Formal - Employee - Insider - Office
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case
ambulance
Bell Ambulance Breach Exposes Almost 240,000 Patients’ Data, Medusa Ransomware Claims Incident
2023 FBI Server Breach Exposed Epstein Investigation Files in an ‘Isolated Cyber Incident’
Stryker Cyberattack Wipes Employee Devices, Handala Claims Closing Almost 80 Offices Belonging to the US Medical Giant 
An abstract image of a data breach settlement with digital currency symbols representing compensation
Cadence Bank Reaches $5.25 Million MOVEit Data Breach Settlement with Claims up to $10,000
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case
Bell Ambulance Breach Exposes Almost 240,000 Patients’ Data, Medusa Ransomware Claims Incident
2023 FBI Server Breach Exposed Epstein Investigation Files in an ‘Isolated Cyber Incident’
Stryker Cyberattack Wipes Employee Devices, Handala Claims Closing Almost 80 Offices Belonging to the US Medical Giant 
Cadence Bank Reaches $5.25 Million MOVEit Data Breach Settlement with Claims up to $10,000

Most Popular
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized
Hacker - Formal - Employee - Insider - Office
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case
ambulance
Bell Ambulance Breach Exposes Almost 240,000 Patients’ Data, Medusa Ransomware Claims Incident
2023 FBI Server Breach Exposed Epstein Investigation Files in an ‘Isolated Cyber Incident’
Stryker Cyberattack Wipes Employee Devices, Handala Claims Closing Almost 80 Offices Belonging to the US Medical Giant 
An abstract image of a data breach settlement with digital currency symbols representing compensation
Cadence Bank Reaches $5.25 Million MOVEit Data Breach Settlement with Claims up to $10,000
SocksEscort Cybercrime Proxy Network Taken Down in Operation Lightning, Tens of Servers and Domains Seized
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case
Bell Ambulance Breach Exposes Almost 240,000 Patients’ Data, Medusa Ransomware Claims Incident
2023 FBI Server Breach Exposed Epstein Investigation Files in an ‘Isolated Cyber Incident’
Stryker Cyberattack Wipes Employee Devices, Handala Claims Closing Almost 80 Offices Belonging to the US Medical Giant 
Cadence Bank Reaches $5.25 Million MOVEit Data Breach Settlement with Claims up to $10,000

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: