In a major development against cybercrime, the US Federal Bureau of Investigation (FBI) has disclosed the recovery of over 7,000 decryption keys to assist victims of the notorious LockBit ransomware gang. This revelation follows a disruptive international law enforcement operation against LockBit earlier this year.
In February 2024, an international law enforcement effort, codenamed Operation Cronos, targeted LockBit’s infrastructure.
This operation led to the takedown of LockBit’s data leak website and the seizure of 34 servers containing extensive data on the gang’s activities. Investigators uncovered more than 2,500 decryption keys from these servers, which the FBI is now offering to victims. The data gathered also facilitated the development of a free decryption tool for the LockBit 3.0 Black Ransomware.
LockBit's Global Impact
LockBit operates a ransomware-as-a-service model, providing tools to a network of affiliates who carry out cyberattacks globally. By 2022, LockBit had become the most deployed ransomware variant worldwide, causing billions of dollars in damages to victims, according to Bryan Vorndran, the FBI’s cyber assistant director.
Further he said, “These LockBit scams run the way local thugs used to demand ‘protection money’ from storefront businesses. LockBit affiliates steal and encrypt data, demanding payment for its return. Even if the ransom is paid, victims are often subjected to further extortion as the criminals retain copies of the data and may demand additional payments to prevent its release online.
FBI's Assistance to Victims
The FBI is proactively reaching out to known LockBit victims, encouraging those affected to visit the Internet Crime Complaint Center. While the recovered decryption keys enable victims to regain access to their data, Vorndran cautioned that this does not prevent LockBit from potentially selling or releasing the data in the future.
“When companies are extorted and choose to pay to prevent the leak of data, you are paying to prevent the release of data right now—not in the future,” he said.
Continued Threat
The fight against ransomware is marked by ongoing challenges. Despite the significant strides made with Operation Cronos, the threat from LockBit remains. In 2022, authorities arrested LockBit associate Mikhail Vasiliev, who received a four-year prison sentence in March 2024.
Additionally, last month, authorities identified the elusive LockBit leader as 31-year-old Russian national Yuryevich Khoroshev.
Vorndran's warning underscores the persistent threat: “Even if you get the data back from the criminals, you should assume it may one day be released, or you may one day be extorted again for the same data.”
