The FBI has obtained thousands of LockBit ransomware decryption keys and is offering to help victims of the cyber criminal gang that was caught in a UK-led sting in February 2024. Bryan Vorndran, assistant director of the FBI Cyber Division, announced this at a cyber security conference in Boston, Massachusetts on June 5th. American victims are encouraged to contact the FBI to reclaim their data, while victims in other countries should reach out to their national cyber authorities.
LockBit ransomware was created by Dimitri Khoroshev, known online as LockBitsupp, Nerowolfe, and Putinkrab. The ransomware-as-a-service (RaaS) actors behind LockBit conducted over 2,400 cyber attacks and extorted billions of dollars from victims before the operation was disrupted in February. Since then, authorities have been using Khoroshev’s own tactics against him, exposing his criminal activities and refusing to show leniency.
Raj Samani, senior vice-president and chief scientist at Rapid7, praised the FBI’s release of over 7,000 LockBit decryption keys as a blow to the ransomware group. Khoroshev has been sanctioned by US authorities and faces charges related to fraud, computer damage, and extortion. While some LockBit members have been arrested, Khoroshev’s potential conviction is unlikely due to Russia’s protection of cyber criminals.
Despite the successful takedown of LockBit’s infrastructure, affiliates of the group are still carrying out cyber attacks. Recent victims include a hospital in France, a university in Italy, and a pharmacy chain in Canada. The distribution of LockBit 3.0 through phishing emails orchestrated by the Phorpiex botnet suggests that the threat of LockBit attacks remains, even after the disruption caused by law enforcement.