UPDATED 19:45 EDT / JUNE 06 2024

SECURITY

Victims of LockBit ransomware urged to contact FBI for decryption assistance

The U.S. Federal Bureau of Investigation is encouraging victims of the notorious LockBit ransomware gang to contact it after obtaining more than 7,000 decryption keys that can help victims reclaim their data.

The news came via a speech Wednesday by Bryan Vorndran, assistant director of the FBI’s Cyber Division, at the 2024 Boston Conference on Cyber Security. “From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran said at the conference. “We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov.”

The news comes nearly three months after LockBit was supposedly taken down in an international law enforcement operation, although the group was back online less than a week later. The more than 7,000 keys cited today are significantly more than the 1,000 claimed to have been seized in the raids back in February.

The raids in February led to authorities in the U.K., the U.S. and Australia revealing new sanctions against LockBit in May and naming a Russian man believed to be the group’s administrator and lead developer.

Russian national Dmitry Khoroshev, known online as LockBitSupp, is claimed to have thrived on anonymity and had previously offered a $10 million reward to anyone who could reveal his identity. As a result of his being identified, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office, the U.S. Department of the Treasury’s Office of Foreign Assets Control and the Australian Department of Foreign Affairs.

Discussing the FBI’s decryption key offer, Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that this is an example of why it’s important to hold on to data that was encrypted by ransomware.

“More than once the infrastructure has been disrupted and decryption keys have been made available,” Kron said. “Even organizations that restore from backups often find themselves missing some of the data, and instances like this where decryption keys are being provided can help them recover this information. It is certainly nice when data can be recovered, however this will not help organizations that have had their data exposed publicly when they refused to pay a ransom. Unfortunately, the encryption piece is just one piece of the puzzle.”
