FBI unveils 7,000 decryption keys to aid LockBit victims

6 Jun 2024

Image: © jetcityimage/Stock.adobe.com

These decryption keys were uncovered by the FBI after a massive joint operation disrupted LockBit earlier this year, though the gang appears to still be operational.

The US FBI has revealed that it has more than 7,000 decryption keys to help victims of the notorious LockBit ransomware gang.

These decryption keys were recovered by the FBI as a result of a disruptive operation international law enforcement conducted against LockBit earlier this year. This gang provides ransomware-as-a-service to a global network of ‘affiliates’, giving criminals tools to carry out their own cyberattacks.

In February, the joint operation managed to take down LockBit’s data leak website and managed to uncover a large amount of data about the gang and its activities. Authorities also seized the decryption keys that the FBI is now offering to victims.

In a recent statement, the FBI’s cyber assistant director Bryan Vorndran claimed LockBit was the most deployed ransomware variant in the world by 2022 and that the gang has caused “billions of dollars in damages to victims”.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center,” Vorndran said.

The Lockbit gang has still been active since the joint task force took down its data leak website earlier this year, but the UK’s National Crime Agency recently assessed that the gang is running at limited capacity and that its global threat has been “significantly reduced”.

The alleged mastermind behind the gang – Dmitry Khoroshev – was sanctioned and unmasked last month by UK and US authorities. Vorndran claims Khoroshev has “tried to get us to go easy on him” by turning on his competitors and naming other ransomware-as-a-service operators.

“So, it really is like dealing with organised crime gangs, where the boss rolls over and asks for leniency,” Vorndran said. “We will not go easy on him.”

Raj Samani, SVP and chief scientist at Rapid7, said the release of these decryption keys is “another kick in the teeth” for the LockBit gang and “a great win for law enforcement”.

“The likes of LockBit survive and thrive on victims paying ransom demands, therefore, it’s great to see the US government be proactive and prevent this by releasing the decryption keys for free,” Samani said.

“Ever since law enforcement took down LockBit’s infrastructure in February 2024, they’ve engaged in PR and damage control in order to show strength and maintain the confidence of affiliates. However, such announcements by the FBI damages this confidence, and hopefully we’ll soon see the end of the LockBit ransomware group.”

Not everyone is so optimistic however. Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, told SiliconRepublic.com recently that gangs such as LockBit are prepared for these potential risks – evident by the fact that the gang was offering its services again in “less than four days”.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com