The FBI is offering to victims of recent LockBit ransomware attacks the use of 7,000 decryption keys seized from the ransomware perpetrator so that victims can use the keys to reclaim their seized data.
Bryan Vorndran, assistant director of the FBI’s Cyber Division, discussed that effort during a June 5 speech in Boston, emphasizing some of the fruits yielded by the efforts of U.S. and international law enforcement agencies when they brought down the cybercrime group’s infrastructure earlier this year.
“From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” said Vorndran.
“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” he said.
LockBit has been a prolific ransomware gang that conducted attacks on more than 2,000 victims and received over $120 million in ransom payments. Many of the victims of the ransomware attacks include small and large private businesses as well as organizations tasked with running critical infrastructure.
The Department of Justice (DoJ) charged one of the operation’s masterminds – Dimitry Yuryevich Khoroshev – with 26 crimes that could potentially lead to a 185-year prison sentence for the Russian national.
During his June 5 remarks, Vorndran made it clear that organizations must take action to mitigate the impact of cyberattacks.
“Doing the basics well in a repeatable fashion is the most important thing you can do,” the FBI official said.
“Well-established cybersecurity practices – including MFA [multi-factor authentication] and password management, effective logging and log management, vulnerability and patch management, and maintaining air-gapped, encrypted, and current backups – have to be done in a repeatable fashion by your entire organization,” he emphasized.
