FBI Obtains 7,000 LockBit Decryption Keys

Offers victims hope of free data decryption


The FBI has obtained over 7,000 decryption keys for the LockBit ransomware, potentially allowing victims to unlock their data for free.

The news follows a February 2024 sting operation dubbed "Operation Cronos," which significantly disrupted LockBit's operations.

"We now have over 7,000 decryption keys and can help victims reclaim their data and get back online," Bryan Vorndran, FBI Cyber Division assistant director, said on Wednesday.

He was speaking at the 2024 Boston Conference on Cyber Security.

Vorndran urged American victims to reach out to the FBI's Internet Crime Complaint Center (IC3) to begin the process of regaining access to their files. Those in other countries should contact their national cyber authorities.

However, he warned that regaining access to encrypted data doesn't guarantee complete security.

LockBit, like many ransomware groups, employs a double-extortion or "breachstortion" model, meaning they demand not only a ransom for the decryption key but also a separate payment to prevent the stolen data from being leaked online or sold to third parties.

Recovering data with the FBI's keys wouldn't necessarily prevent LockBit from carrying out these threats.

LockBit is a particularly troublesome ransomware group, operating a "ransomware-as-a-service" model that allows less technical attackers to purchase tools for their own cyberattacks. Because of this, the LockBit ransomware itself is incredibly widely used: the Cybersecurity and Infrastructure Security Agency (CISA) says it was the most deployed ransomware variant globally in 2022.

LockBit has targeted a range of critical infrastructure sectors since 2020, including finance, healthcare and transportation.

Law Enforcement Fights Back

As part of February's operation, law enforcement hijacked LockBit's dark web marketplace, and used it to leak internal LockBit information.

While LockBit has attempted to rebuild its infrastructure since then, its capacity has significantly diminished.

Last month, a joint operation by law enforcement agencies in the UK, U.S. and Australia unmasked and sanctioned the leader of the LockBit ransomware gang.

Dmitry Khoroshev, who previously operated under the online alias LockBitSupp, faces asset freezes and travel bans after authorities exposed his role leading the ransomware group.

Khoroshev was so confident in his anonymity that he had offered a $10 million reward to anyone who could identify him. A wanted poster displayed on LockBit's hijacked site now offers a $10 million reward for information leading to Khoroshev's arrest.

Vorndran said Khoroshev tries to project an image of a mysterious hacker online, using usernames like "Putinkrab," "Nerowolfe" and "LockBitsupp."

"But, really, he is a criminal, more caught up in the bureaucracy of managing his company than in any covert activities. In exchange for the use of his software, he gets a 20% cut of whatever ransoms they collect from innocent people and companies around the world."

During his speech, Vorndran stressed that the vast majority of criminals developing advanced ransomware hail from Russian-speaking nations and operate with the structure and tactics of established organised crime syndicates.

"They're entrepreneurial and have successfully lowered barriers to entry through ransomware-as-a-service."

Preventing ransomware attacks should be the primary goal for all organisations, Vorndran said, adding that "prevention efforts should be commensurate with acceptable downtime."

"If acceptable downtime is one day, increasing prevention effort should be a high priority. Without effective steps taken in advance of the breach, an organization can find themselves wholly reliant on the honesty and integrity of bad actors to give them their data back."

This article originally appeared on our sister site, Computing. 
