7,000 LockBit Keys Recovered by the FBI! Ransomware Victims Encouraged to Reach Out

In a significant breakthrough in the fight against ransomware, the FBI has announced the recovery of over 7,000 decryption keys for LockBit ransomware victims. This milestone, revealed by FBI Cyber Division Assistant Director Bryan Vorndran at the 2024 Boston Conference on Cyber Security, marks a crucial step in assisting victims to reclaim their encrypted data without any cost.

A Call to Action for Victims
The FBI is urging individuals and organizations previously affected by LockBit ransomware to come forward and take advantage of these decryption keys. "From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," said Vorndran. He encouraged anyone who suspects they were a victim to visit the Internet Crime Complaint Center at ic3.gov.

Operation Cronos: A Multinational Effort
The call for action follows the dismantling of LockBit’s infrastructure in February 2024, as part of a multinational operation known as 'Operation Cronos'. This coordinated effort by law enforcement agencies led to the seizure of 34 servers containing over 2,500 decryption keys. These keys facilitated the creation of a free LockBit 3.0 Black Ransomware decryptor, significantly aiding victims in recovering their data.

The Impact of LockBit Ransomware
LockBit has been a notorious player in the ransomware landscape. The U.K.’s National Crime Agency and the U.S. Justice Department estimate that the gang and its associates have amassed up to $1 billion in ransom payments from around 7,000 attacks on organizations worldwide between June 2022 and February 2024. This staggering figure underscores the widespread impact of their criminal activities.

Continued Threat and Recent Attacks
Despite the successful takedown of their infrastructure, the LockBit gang remains active. They have migrated to new servers and dark web domains, continuing their attacks globally. In a retaliatory move, they have been releasing large volumes of both fresh and previously stolen data on the dark web. One of their recent high-profile attacks targeted the Canadian pharmacy chain London Drugs. This incident followed a law enforcement operation that exposed the leader of LockBit, Dmitry Yuryevich Khoroshev, a 31-year-old Russian national known online as ‘LockBitSupp’.

Assistance and Support for Victims
The recovery of these decryption keys offers a beacon of hope for many who have suffered from LockBit’s attacks. Victims are encouraged to utilize the resources provided by the FBI to decrypt their data and restore their systems. This initiative not only aids in immediate data recovery but also strengthens the collective resilience against ransomware attacks.

The FBI's recovery of 7,000 LockBit decryption keys represents a monumental achievement in cybersecurity efforts. It highlights the importance of international cooperation and persistent efforts in combating ransomware. By reaching out to victims and providing the necessary tools for data recovery, the FBI is taking significant steps towards mitigating the impact of ransomware and supporting affected individuals and organizations. If you have been a victim of LockBit ransomware, visit ic3.gov to report your case and access the decryption keys.