In a twist that’s drawing global attention, the notorious ransomware syndicate Lockbit appears to have fallen victim to a cyberattack of its own. A recent message posted on one of the group’s dark web domains declared: “Don’t do crime. CRIME IS BAD xoxo from Prague”, accompanied by a link to what seems to be internal leaked data.
Cybersecurity experts monitoring Lockbit’s activities have started analyzing the exposed information. While independent verification remains ongoing, early analysis suggests the dump includes real interactions between Lockbit operators and their victims—potentially revealing the inner workings of the cybercrime group.
Jon DiMaggio, Chief Security Strategist at Analyst1, stated, “It looks legitimate.” His sentiment was echoed by Christiaan Beek, a senior director at Rapid7, who also emphasized the apparent authenticity of the files and noted how even small businesses were targeted by Lockbit in pursuit of minor payouts.
Founded years ago, Lockbit has been one of the most aggressive players in the cyber extortion landscape, previously labeled by DiMaggio as the “Walmart of ransomware.” Despite earlier takedown attempts—including infrastructure seizures by international authorities—the group has historically rebounded swiftly, boldly claiming invincibility.
However, analysts believe this breach could be different.
“This is a major blow to their reputation,” DiMaggio added. “Even if they recover, the leak exposes vulnerabilities and may shake their credibility with affiliates.”
Several Lockbit-affiliated dark web portals are currently down or displaying placeholder messages promising to return soon. No one has yet claimed responsibility for the hack, and the group itself has remained silent.
As investigations unfold, this event could mark a rare reversal in the cybercrime world—where the attackers become the compromised.
