LockBit Hacked – Plaintext Passwords
a year ago
- #ransomware
- #cybersecurity
- #data-breach
- The LockBit ransomware group suffered a major cyberattack, leading to the defacement of its dark web sites and a leak of operational data.
- Attackers exposed 60,000 Bitcoin wallet addresses, 4,500 negotiation chat logs, and custom ransomware variants used in attacks.
- Plaintext passwords for 75 LockBit administrators and affiliates were leaked, revealing a significant security oversight.
- LockBit downplayed the breach, claiming only a 'light panel' was compromised and offering a reward for information on the attackers.
- The breach follows Operation Cronos in February 2024, which temporarily disabled LockBit's infrastructure.
- Experts link the breach to a PHP 8.1.2 vulnerability (CVE-2024-4577) and note its similarity to a recent attack on the Everest ransomware operation.
- The leak could permanently damage LockBit's credibility and hinder future activities, given its role in 44% of global ransomware attacks in early 2023.