By Raphael Satter
WASHINGTON (Reuters) -The ransom-seeking cybercriminals behind the extortion group Lockbit appear to have suffered a breach of their own, according to a rogue post to one of the group’s websites and security analysts who follow the gang.
On Wednesday one of Lockbit’s darkweb sites was replaced with a message saying, “Don’t do crime CRIME IS BAD xoxo from Prague” and a link to an apparent cache of leaked data.
Reuters could not immediately determine the authenticity of the data, which appeared to capture chats between the hackers and their victims, among other things. But others who sifted through the material said it appeared legitimate.
“The leaked information looks real,” said Christiaan Beek, the senior director of threat analytics at cybersecurity firm Rapid7. In a message posted to LinkedIn on Thursday, he said he was struck by how aggressively Lockbit’s hackers appeared to hustle even for relatively small payouts.
“In some cases, victims were pressured to pay just a few thousand dollars,” he said.
Reuters could not immediately reach Lockbit or establish who had apparently leaked their data. Some darkweb sites associated with Lockbit appeared to be inoperative on Thursday, displaying a note saying they would be “working soon.”
Lockbit is one of the most prolific ransomware gangs operating online – one analyst called it “the Walmart of ransomware groups” – and it has survived past disruptions. Last year British and U.S. officials worked with a coalition of international law enforcement agencies to seize some of the gang’s infrastructure. A few days later, the group defiantly announced it was back online, saying, “I cannot be stopped.”
(Reporting by Raphael Satter; editing by Edward Tobin)