# LockBit Ransomware Hacked, Insider Secrets Exposed
In a shocking turn of events, one of the most notorious and prolific cybercrime groups, LockBit, has been compromised, handing law enforcement and threat intelligence experts a valuable trove of critical insider information.
On May 7, a cyber threat actor known as "Rey" on X discovered that LockBit's dark web affiliate panels had been defaced and replaced with a message and a download link to a leaked SQL database. The message read: "Don't do crime CRIME IS BAD xoxo from Prague." The link led to an SQL file containing information on LockBit's ransomware operations, including the group's activities from December 2024 to the end of April 2025.
According to several sources, the data dump seems to cover a significant period of LockBit's ransomware operations. In an alleged Tox conversation with Rey, LockBitSupp, LockBit's main administrator, whose suspected identity has been revealed as Dmitry Yuryevich Khoroshev, confirmed the hack. However, he claimed that neither LockBit's source code nor any of its decryptors had been leaked and that "no stolen company data [was] damaged."
The cyber threat intelligence community quickly reacted to the news, with security research collective Vx-underground confirming the data dump's legitimacy on X. Speaking to Infosecurity, Alon Gal, CTO of Hudson Rock, confirmed that the data exposed by the unknown leaker was authentic and had been validated by Hudson Rock's research.
In response to the leak, Gal has launched LockbitGPT, a ChatGPT-based assistant designed to help threat intelligence researchers sort through vast amounts of data. Valery Riess-Marchive, a French cybersecurity journalist and maintainer of Ransomch.at, a repository of ransomware negotiation chats, said he was working on redacting some victim data from the LockBit chat dump in order to add these logs to his site.
"This clustering will be interesting when studying negotiation patterns," Riess-Marchive said on LinkedIn. "It's a valuable resource for cyber defenders and threat intelligence researchers."
The LockBit data dump could be a game-changer for cyber defenders. The exposed data is expected to provide critical insights into the group's operations, including their tactics, techniques, and procedures (TTPs). With this information, cybersecurity professionals can better understand how LockBit operates and develop effective strategies to counter their activities.
This data leak comes on the heels of a significant setback for LockBit, which was targeted by a worldwide law enforcement operation in 2024 that severely impacted the group's operations. The compromised LockBit organization highlights the ongoing cat-and-mouse game between cybercrime groups and law enforcement agencies.