- The FBI recently announced that it found 7,000 decryption keys that can be used to unlock data previously encrypted by ransomware gang LockBit.
- It has urged victims of the gang to reach out to the FBI’s Internet Crime Complaint Center (IC3) and get the process of data retrieval started.
- It’s important to note that although international law enforcement authorities are doing their best to disrupt the gang, Lockbit is still active and attacking. And while these decryption keys can help you get back your data, there’s no guarantee that the gang won’t leak/sell it to a third party.
The FBI has managed to get their hands on 7,000 LockBit decryption keys, which they can use to unlock data (that was previously encrypted by the ransomware gang LockBit) for free i.e. victims don’t have to pay ransom.
This news was revealed by FBI Cyber Division Assistant Director Bryan Vorndran on Wednesday at the 2024 Boston Conference on Cyber Security. He has also asked the past victims of the LockBit gang to come forward and reach out to the FBI’s Internet Crime Complaint Center (IC3) in order to start the process of retrieving their data.
Victims who come from outside the USA need to contact their national cyber crime agency to get their data back.
It’s important to note that notorious gangs like LockBit employ a double-extortion technique. This means that the ransom they demand is not only for giving your data back but also to ensure that they don’t sell it online to a third party.
Therefore, being able to retrieve this data does not guarantee 100% safety; the gang can still sell the stolen data on the dark web.
A Little about the February Lockbit Takedown
This news comes at the heels of a recent joint collaboration between international police agencies to take down the ransomware gang.
Although the gang official did not respond to this blow, one of the members of the gang left a message on an encrypted messaging platform, stating that the website takedown changes nothing because they have backup servers.
Then last month, another joint operation by the US, UK, and Australian authorities managed to get the gang leader of LockBit unmasked and unsanctioned. His name is Dmitry Khoroshev and he used to operate under the name LockBitSupp. For now, authorities have decided to freeze his assets and ban him from traveling.
Nobody knows what happened after that because neither the FBI nor the members of the gang responded to any requests for a comment.
LockBit Still Active
Although the gang’s capacity has indeed gone down, it’s still active and carrying out attacks around the world. In fact, to retaliate against the police forces, the gang recently leaked a huge load of old and new stolen data.
LockBit’s most recent attack was in April 2024 on the Canadian pharmacy chain London Drugs. Another notable LockBit activity was a ransomware attack on the US unit of the ICBC (Industrial and Commercial Bank of China) in November 2023. This sent ripples through global financial markets.
However, on the bright side, authorities haven’t given up hope. They are still trying to nab all the members of the gang and put an end to this operation once and for all.
The U.S. State Department is now offering a reward of $10 million for information about LockBit’s current leader and $5 million for any information that would lead them to LockBit’s affiliates.
