The cybercriminal group Lockbit appears to have been hacked itself. This was revealed in a post on one of the group's websites on Wednesday, according to the Reuters news agency and security analysts who follow the group's activities. On Wednesday, one of Lockbit's pages on the dark web - also known as "the dark web" - was replaced with a message with the words:
- Don't commit crime. Crime is bad. Xoxo (kiss and hugs, ed.) from Prague.
The same message contained a link to what appeared to be a temporary data repository with leaked data.
Lockbit offers ransomware as a service. It is a computer program that a hacker installs on a foreign computer device so that the owner cannot access his data. The group works by demanding ransoms from owners if they want access to their data again.
Security analysts: Looks real
Reuters was not immediately able to verify the data, but several security analysts the news agency spoke to said it appeared authentic.
- It's real, said Jon Dimaggio, chief security strategist at cybersecurity firm Analyst1.
Chistiaan Beek, head of cybersecurity firm Rapid7, told Reuters that he agreed that the attack "really looks authentic." He noted in particular that the data leak showed how Lockbit's hackers are swindling even modest amounts from small businesses.
- They're attacking everyone, he said.
Reuters was not immediately able to contact Lockbit or find out who had apparently leaked the group's data. Some dark web sites associated with Lockbit appeared to be down on Thursday, displaying a note saying they would "be back up and running soon." It is unclear whether the sites are back up and running.
Lockbit is one of the world's most prolific cyber-extortion gangs. Dimaggio once called it "the Walmart of ransomware groups," referring to the U.S. retailer.
The group has survived several previous attacks. Last year, British and U.S. authorities joined forces to seize parts of the group's infrastructure. A few days later, the group announced it was back online, writing on its site that "I can't be stopped." Dimaggio said this week's hack was "embarrassing" for the group.
- I think it will hurt them and slow them down, he told Reuters.
Vestas was attacked and blackmailed
Vestas has also been a target of Lockbit's rampage in the past. In November 2021, the group was behind a cyberattack on the wind turbine manufacturer and subsequently tried to blackmail the wind turbine manufacturer with threats to publish the data that they gained control of in the attack. This is reported by DR.
Vestas chose not to comply with the hackers' demands. Therefore, the hacker group took the threats seriously and leaked the data on the Dark Web.
Vestas subsequently stated that the majority of the leak concerned non-sensitive information such as names, emails, phone numbers, job applications, CVs and salaries. Only to a lesser extent was there sensitive personal information such as passport and bank account information.
/ritzau/amp
Text, graphics, images, sound, and other content on this website are protected under copyright law. DK Medier reserves all rights to the content, including the right to exploit the content for the purpose of text and data mining, cf. Section 11b of the Copyright Act and Article 4 of the DSM Directive.
Customers with IP agreements/major customer agreements may only share Danish Offshore Industry articles internally for the purpose of handling specific cases. Sharing in connection with specific cases refers to journaling, archiving, or similar uses.
Customers with a personal subscription/login may not share Danish Offshore Industry articles with individuals who do not themselves have a personal subscription to Danish Offshore Industry.
Any deviation from the above requires written consent from DK Medier.
