More than 7,000 LockBit decryption keys are now available for victims of the notorious ransomware gang, FBI Cyber Division Assistant Director Bryan Vorndran said in a Wednesday keynote address at the 2024 Boston Conference on Cyber Security.Vorndran said the recovery of the 7,000-plus keys was part of the FBI’s “ongoing disruption” of the gang, which originally had much of its infrastructure disabled by the agency and its international partners in February. The FBI’s original announcement of the takedown operation noted the seizure of decryption keys but did not list an exact number – the UK’s National Crime Agency (NCA) which participated in the takedown, previously stated that it obtained 1,000 decryption keys.“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” Vorndran stated during the keynote.The prospect of newly available LockBit decryption tools is significant, especially after a recent Veeam report found attackers successfully breach backups in 76% of cases, and even backed up data is not always fully recoverable.“This is an example of why it is important to hold on to data that was encrypted by ransomware. More than once the infrastructure has been disrupted and decryption keys have been made available. Even organizations that restore from backups often find themselves missing some of the data, and instances like this where decryption keys are being provided can help them recover this information,” Erich Kron, security awareness advocate at KnowBe4, commented to SC Media.LockBit is estimated to be responsible for more than 2,400 attacks globally, and more than 1,800 in the United States alone, according to Vorndran. The group made a comeback shortly after its disruption but Trellix reported in April that the previous leader in ransomware infections was operating with limited infrastructure and capabilities.On May 7, the U.S. Department of Justice identified and revealed charges against the suspected administration of LockBit, Dimitry Yuryevich Khoroshev. Nevertheless, the ransomware-as-a-service (RaaS) gang continues to claim victims, including Canadian pharmacy and retailer London Drugs last month.Still, the ongoing action by the FBI and release of more decryption keys threatens LockBit’s ability to use file recovery as a bargaining chip in its extortion efforts, Raj Samani, SVP and chief scientist at Rapid7, told SC Media.“Ever since law enforcement took down LockBit’s infrastructure in February 2024, they’ve engaged in PR and damage control in order to show strength and maintain the confidence of affiliates. However, such announcements by the FBI damages this confidence, and hopefully we’ll soon see the end of the LockBit ransomware group,” Samani said.
Ransomware, Incident Response
7K LockBit decryptors offered as FBI seeks trust, cooperation from victims

FBI Cyber Division Assistant Director Bryan Vorndran delivers a keynote address at the 2024 Boston Conference on Cyber Security on June 5, 2024. (Credit: FBI)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



