The U.S. Federal Bureau of Investigation is encouraging victims of the notorious LockBit ransomware gang to contact them after they were able to obtain more than 7,000 decryption keys that can help victims reclaim their data.

The news came via a speech Wednedsay by Bryan Vorndran, assistant director of the FBI’s Cyber Division, at the 2024 Boston Conference on Cyber Security. “From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran said at the conference. “We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov.”

The news comes nearly three months after LockBit was supposedly taken down in an international law enforcement operation, although the group was back online less than a week later. The more than 7,000 keys cited today are significantly more than the 1,000 claimed to have been seized in the raids back in February.

The raids in February led to authorities in the U.K., the U.S. and Australia revealing new sanctions against LockBit in May and naming a Russian man believed to be the group’s administrator and lead developer.

Russian national Dmitry Khoroshev, known online as LockBitSupp, is claimed to have thrived on anonymity and had previously offered a $10 million reward to anyone who could reveal his identity. As a result of his being identified, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office, the U.S. Department of the Treasury’s Office of Foreign Assets Control and the Australian Department of Foreign Affairs.

Discussing the FBI’s decryption key offer, Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that this is an example of why it’s important to hold on to data that was encrypted by ransomware.

“More than once the infrastructure has been disrupted and decryption keys have been made available,” Kron said. “Even organizations that restore from backups often find themselves missing some of the data, and instances like this where decryption keys are being provided can help them recover this information. It is certainly nice when data can be recovered, however this will not help organizations that have had their data exposed publicly when they refused to pay a ransom. Unfortunately, the encryption piece is just one piece of the puzzle.”

Image: LockBit