The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free.
FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security.
"From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said in a keynote.
"We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov."
This call to action comes after law enforcement took down LockBit's infrastructure in February 2024 in an international operation dubbed "Operation Cronos."
At the time, police seized 34 servers containing over 2,500 decryption keys, which helped create a free LockBit 3.0 Black Ransomware decryptor.
After analyzing the seized data, the U.K.'s National Crime Agency and the U.S. Justice Department estimate the gang and its affiliates have raked in up to $1 billion in ransoms following 7,000 attacks targeting organizations worldwide between June 2022 and February 2024.
However, despite law enforcement efforts to shut down its operations, LockBit is still active and has since switched to new servers and dark web domains.
They are still targeting victims around the world and, in retaliation to the recent infrastructure takedown by U.S. and U.K. authorities, they've kept leaking massive amounts of old and new stolen data on the dark web.
Most recently, LockBit claimed the April 2024 cyberattack on Canadian pharmacy chain London Drugs after another law enforcement operation that doxxed the gang's leader, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev who's been using the "LockBitSupp" online alias.
In recent years, other Lockbit ransomware actors have been arrested and charged, including Mikhail Vasiliev(November 2022), Ruslan Magomedovich Astamirov (June 2023), Mikhail Pavlovich Matveev aka Wazawaka (May 2023), Artur Sungatov and Ivan Gennadievich Kondratiev aka Bassterlord (February 2024).
The U.S. State Department now offers $10 million for any information that would lead to LockBit leadership arrest or conviction and an extra $5 million reward for tips leading to the arrest of LockBit ransomware affiliates.
Comments
GT500 - 3 weeks ago
I can see people being afraid to reach out to the FBI to get their data back...
NoneRain - 3 weeks ago
Yeah, the criminal ones....
GT500 - 3 weeks ago
You remember who the FBI is right? They're that government agency that runs massive datacenters where they store everyone's data. A ton of people were upset about it back when Obama was still President.
Now knowing that, ask yourself why anyone would willingly reach out to the FBI for data recover help. It doesn't make much sense to care about your privacy, and then ask a government agency you know is dedicated to storing as much data about you as possible on the chance that they may some day be able to prosecute you for a crime to help you recover lost data. Even if you've never committed a crime that the FBI would care about, it's still absurd to think of them as being a good place to get data recover help.
NoneRain - 3 weeks ago
I think it's totally plausible to ask for such help. You might be scared of having your company's data being stolen by the gov. agency when you reach them, but maybe the Lockbit in your assets is a more real threat.
If you're afraid of the entities that should be helping with this stuff, you might as well shutdown your system, cuz goddam you're in the hands of enterprises that need to comply with such agencies.
"Even if you've never committed a crime that the FBI would care about, it's still absurd to think of them as being a good place to get data recover help."
Ok, so everyone that reached them in the past because of ALPHV/Blackcat, ESXiArgs, REvil, etc, are all in a bad place today, right? dude...
GT500 - 3 weeks ago
Let's just ignore for a moment the fact that there's usually an anti-virus software company that will make a free decryption tool when keys are made available...
NoneRain - 3 weeks ago
Yeah, we can ignore it since we are already ignoring a lot of enterprises that reached the FBI in the past and are perfectly fine (the ransom groups examples where not random btw). By your standards they were fools and are fked, but, I don't see it like that. We can agree in disagree in this one!
GT500 - 3 weeks ago
Why would anyone know whether the FBI was datamining companies and/or civilians that had come to them for help?
You sound like one of those delusional people who fall for the age-old police state con "if you don't have anything to hide, then you don't have anything to worry about".
Wannabetech1 - 3 weeks ago
The NSA has that big data center in the Utah desert. I'm not sure FBI has massive data centers, but they are all part of the same government. I'll ask here what I've asked elsewhere and just was mocked and not given an answer. Do you trust "the government" and if so why?
Also, seeing how NSA and others spy on us constantly, should we trust the advice they give to us about security?
I'll be interested to see if someone can resist being a dumb ass and actually give a decent reply.
Zakker - 3 weeks ago
No links to Keys, or websites that allow to test your sample files