LOCKBIT INTERNALS LEAKED

May 9, 2025

NOTE: We will discuss the leak, not the technical inner workings of LockBit ransomware. Consider this a breach analysis of LockBit ransomware.

INDEX

INTRODUCTION
UNVEILING PKEYS
CHAT ANALYSIS
CLIENTS
NEWS
MIGRATIONS
FILES
INVITES
INVALID REQUESTS
BUILD & CONFIGURATIONS
BITCOIN WALLETS
WHAT AFTER THE LEAK?
REFERENCE

INTRODUCTION

On 7th May 2025, LockBit's server was defaced and a file named paneldb_dump appeared on it, 7.12 MB in size (compressed). It contains the SQL file of LockBit's internal server, which is 26.3 MB in size.

Villain Representation: LockBit | Credit: Self-Gen

The database is: paneldb_dump

In this article, we are going to focus on each section uncovered in the LockBit breach.

Analysis of the dump header shows that LockBit is using:

phpMyAdmin SQL Dump
version 5.1.1deb5ubuntu1
https://www.phpmyadmin.net/
Host: localhost:3306
Generation Time: Apr 29, 2025 at 05:26 PM
Server version: 8.0.41-0ubuntu0.22.04.1
PHP Version: 8.1.2-1ubuntu2.19

LockBit uses InnoDB as the storage engine for the database management system.

The database contains 16 tables, namely:

Table structure for table `api_history`
Table structure for table `btc_addresses`
Table structure for table `builds`
Table structure for table `builds_configurations`
Table structure for table `chats`
Table structure for table `clients`
Table structure for table `events`
Table structure for table `events_seen`
Table structure for table `faq`
Table structure for table `files`
Table structure for table `invites`
Table structure for table `jobs`
Table structure for table `migrations`
Table structure for table `news`
Table structure for table `pkeys`
Table structure for table `system_invalid_requests`

Among them, API History, Jobs, FAQs, Events and Events Seen do not have any records in the LockBit database.
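The same inventory (which tables exist and which hold no records) can be derived from any phpMyAdmin-format dump during triage. The Python below is an added example, not part of the original article or of the leaked file; the sample dump is constructed, and the names `count_rows` and `inventory` are assumptions.

```python
import re

# Constructed sample in phpMyAdmin dump layout; not data from the leaked file.
SAMPLE_DUMP = r"""-- Table structure for table `faq`
CREATE TABLE `faq` (
  `id` int NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- Table structure for table `news`
CREATE TABLE `news` (
  `id` int NOT NULL,
  `title` varchar(255)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- Dumping data for table `news`
INSERT INTO `news` (`id`, `title`) VALUES
(1, 'first (test); entry'),
(2, 'it''s a \'quoted\' entry');
"""

TABLE_RE = re.compile(r"^-- Table structure for table `([^`]+)`", re.M)
INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)`[^\n]*?VALUES", re.M)

def count_rows(sql, pos):
    """Count top-level (...) tuples from pos to the closing ';', skipping string contents."""
    rows, depth, in_str, i = 0, 0, False, pos
    while i < len(sql):
        c = sql[i]
        if in_str:
            if c == "\\" or (c == "'" and sql[i + 1:i + 2] == "'"):
                i += 1                 # skip backslash-escaped char or doubled quote
            elif c == "'":
                in_str = False
        elif c == "'":
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            rows += depth == 0         # a tuple closed at top level is one record
        elif c == ";" and depth == 0:
            break                      # end of this INSERT statement
        i += 1
    return rows

def inventory(sql):
    """Map every table named in the dump to its number of dumped records."""
    counts = {name: 0 for name in TABLE_RE.findall(sql)}
    for m in INSERT_RE.finditer(sql):
        counts[m.group(1)] = counts.get(m.group(1), 0) + count_rows(sql, m.end())
    return counts
```

Tables that map to 0 have a structure section but no dumped rows. Counting tuples with a quote-aware scanner avoids miscounting when field values contain parentheses or semicolons.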

The rest of them contain a considerable amount of data, which we will analyze in the following sections.

To read the complete report, you can view it here:

NOTE: This article is purely individual research that belongs to THE RAVEN FILE and may not be used or published anywhere without the author's consent.

Written by Rakesh Krishnan

Independent Security Researcher and Threat Analyst. Often sheds light on Dark Web. Regular contributor to Infosec Community. New Website: theravenfile.com
