FBI encourages LockBit victims to step right up for free decryption keys

The bad news? Gang wasn't deleting victim data after payments

LockBit victims who are still trying to clean up their encrypted files are in luck: the FBI has a big set of decryption keys it would love to let you try. 

The FBI, UK's National Crime Agency, and other international partners dismantled the operations of notorious ransomware gang LockBit this past February. The prolific gang has been responsible for thousands of ransomware infections in the past few years.

Following its takedown in February, international police named the suspect they believe is the kingpin behind LockBit – a Russian citizen named Dmitry Khoroshev. The FBI says they've been in communication with Khoroshev. Given the suspect lives in Russia, he's unlikely to face trial in the US or any other western nation that's charged him with a crime.

While law enforcement and Khoroshev continue to communicate, FBI cyber division assistant director Bryan Vorndran said yesterday that the agency's continued combing through of LockBit data keeps paying dividends for victims and law enforcement. 

"From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," Vorndran said at the Boston Conference on Cyber Security yesterday. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center." 

LockBit victims still aren't safe, though

"Ransomware attacks are almost always coupled with data theft," Vorndran added. "We determined that LockBit and its affiliates were still holding data they told LockBit victims they had deleted — after receiving ransom payments." 

So while it's great the FBI is handing out decryption keys, LockBit victims shouldn't assume the worst has passed, even with the gang disrupted. LockBit has been claiming responsibility for attacks as recently as late last month when it allegedly hit Canadian pharmacy chain London Drugs – so it's down, but hardly out.

"When companies are extorted and choose to pay to prevent the leak of data, you are paying to prevent the release of data right now — not in the future," Vorndran noted. In other words, the FBI might have your data, but there's no reason to assume LockBit doesn't still have its own copy, too - and there's really nothing to be done about it. 

Vorndran said the FBI is having a run of great luck when it comes to disrupting cybercriminal gangs of late, but added that there's no reason to assume that cutting a few heads off a hydra will kill it. In essence, the only way to stay safe is to prevent an infection in the first place.

"We face extremely capable adversaries in China, Russia, Iran, North Korea, and with Russian-based cybercriminals who have safe-haven status in Russia," Vorndran said, urging private organizations to partner with the government to improve everyone's security posture. 

"We need everyone — private industry, nonprofits, academia, the US government — in the boat, rowing in the same direction," Vorndran urged. "This is how we will be most effective." ®
