FBI recovers 7,000 LockBit keys; ransomware victims could contact the FBI

The FBI has succeeded in recovering a total of 7,000 keys for decrypting files. This may enable the victims concerned to decrypt the encrypted data and thus recover it. This was announced in a presentation by the Deputy Director of the FBI's Cyber Division, Bryan Vorndran, at the 2024 Boston Conference on Cyber Security on Wednesday (June 5, 2024).


In his presentation, Bryan Vorndran discussed the FBI's successes in the fight against cybercrime. He also mentioned the complex strike against the LockBit group set up by Russian Dimitri Khoroshev, which operated a ransomware-as-a-service model. It is estimated that between June 2022 and February 2024, LockBit stole up to 1 billion dollars in ransom in 7,000 attacks on companies worldwide.

In February 2024, law enforcement seized 34 servers with over 2,500 decryption keys. With their help, the FBI was able to create a free decryption program for LockBit 3.0 Black ransomware. In the meantime, the FBI has succeeded in reconstructing over 7,000 decryption keys. This enables victims to restore the encrypted files. The FBI is asking LockBit victims to contact the Internet Crime Complaint Center at ic3.gov. If an existing decryption key matches the victim, the FBI can provide the required key so that the encrypted files can be recovered. Bleeping Computer has published an article that summarizes the facts more compactly.

Background Lockbit Group

Lockbit is a Russian-speaking group that operates Ransomware-as-a-Service (RaaS). In this model, the ransomware and infrastructure are made available to other cybercriminals, known as affiliates, who then carry out the attacks. This allows LockBit to scale its operations and reach a larger number of victims. LockBit also uses the technique of double extortion by publishing stolen data on its blog if the ransom is not paid.

The group first became known in 2019 through a malware called ABCD. The Lockbit ransomware, which also has an affiliate program, has been around since 2020. Security researchers now refer to Lockbit 2.0 and Lockbit 3.0 to designate the individual versions of the ransomware.

The group is held responsible for numerous cyber incidents (the linked Wikipedia article names victims, and there are also numerous posts about victims of the group here on the blog). Individual members of the group have already been indicted (in absentia) by the US judiciary. A bounty of 10 million US dollars has been placed on the head of Russian hacker Mikhail Pavlovich Matveev. In Operation Cronos, the Lockbit group's infrastructure was seized in spring 2024 (see Operation Cronos: FBI & Co. seized infrastructure of the Lockbit ransomware gang).

