LockBit victims who are still trying to clean up their encrypted files are in luck: the FBI has a big set of decryption keys it would love to let you try. 

The FBI, UK's National Crime Agency, and other international partners dismantled the operations of notorious ransomware gang LockBit this past February. The prolific gang has been responsible for thousands of ransomware infections in the past few years.

Following its takedown in February, international police named the suspect they believe is the kingpin behind LockBit - a Russian citizen named Dmitry Khoroshev. The FBI says they've been in communication with Khoroshev. Given the suspect lives in Russia, he's unlikely to face trial in the US or other western nation that's charged him with a crime. 

While law enforcement and Khoroshev continue to communicate, FBI cyber division assistant director Bryan Vorndran said yesterday that the agency's continued combing through of LockBit data keeps paying dividends for victims and law enforcement. 

"From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," Vorndran said at the Boston Conference on Cyber Security yesterday. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center." 

LockBit victims still aren't safe, though

"Ransomware attacks are almost always coupled with data theft," Vorndran added. "We determined that LockBit and its affiliates were still holding data they told LockBit victims they had deleted - after receiving ransom payments." 

So while it's great the FBI is handing out decryption keys, LockBit victims shouldn't assume the worst has come to pass, even with the gang disrupted. LockBit has been claiming responsibility for attacks as recently as late last month when it allegedly hit Canadian pharmacy chain London Drugs - so it's down, but hardly out. 

"When companies are extorted and choose to pay to prevent the leak of data, you are paying to prevent the release of data right now - not in the future," Vorndran noted. In other words, the FBI might have your data, but there's no reason to assume LockBit doesn't still have its own copy, too - and there's really nothing to be done about it. 

Vorndran said the FBI is having a run of great luck when it comes to disrupting cybercriminal gangs of late, but added that there's no reason to assume that cutting a few heads of a hydra will kill it. In essence, the only way to stay safe is to prevent an infection in the first place 

"We face extremely capable adversaries in China, Russia, Iran, North Korea, and with Russian-based cybercriminals who have safe-haven status in Russia," Vorndran said, urging private organizations to partner with the government to improve everyone's security posture. 

"We need everyone - private industry, nonprofits, academia, the US government - in the boat, rowing in the same direction," Vorndran urged. "This is how we will be most effective." ®

https://www.theregister.com//2024/06/06/lockbit_fbi_decryption_key/