FBI urges LockBit ransomware victims to reach out after securing thousands of decryption keys

ID theft
Image credit: Pixabay (Image credit: Future)

The FBI revealed it has thousands of decryption keys that can unlock data encrypted by the LockBit ransomware

The agency’s Assistant Director for the Cyber Division, Bryan Vorndran, confirmed the news during the 2024 Boston Conference on Cyber Security, and has invited all past LockBit victims to reach out and try to unlock their files.

"From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said in a keynote, BleepingComputer reports. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov."

Exposed credentials

LockBit is one of the world’s largest and most menacing ransomware variants out there, operating under the Ransomware-as-a-Service (RaaS) model. In February this year, the FBI and its international partners mounted Operation Cronos, which disrupted LockBit’s infrastructure and even temporarily shut it down.

The FBI seized 34 servers and gained access to the group’s data leak site. It claimed to have found sensitive information on almost 200 of LockBit’s affiliates and urged them to come forward before they go after them.

However, since the operation did not result in any arrests, LockBit was propped back up in mere weeks. Soon after, the Canadian pharmacy chain London Drugs fell victim. 

Operation Cronos may not have resulted in arrests, but cybercriminals associated with LockBit have been arrested in the past. Mikhail Vasiliev was arrested in November 2022, Mikhail Pavlovich Matveev (aka Wazawaka) in May 2023, Ruslan Magomedovich Astamirov in June 2023, and Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord) in February 2024.

The US Government is offering a $10 million reward for anyone who comes forward with information that results in the arrest of LockBit’s operators.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.