FBI Urges LockBit Ransomware Victims to Contact IC3; 7,000 Decryption Keys Obtained
The Federal Bureau of Investigation (FBI) is urging victims of LockBit ransomware attacks to get in touch with the Internet Crime Complaint Center (IC3). The FBI has obtained more than 7,000 decryption keys that can be used by past victims to recover from their data breaches for free.
At the 2024 Boston Conference on Cyber Security yesterday, FBI Cyber Assistant Director Bryan Vorndran confirmed that the FBI has obtained a significant number of decryption keys from its ongoing efforts to disrupt the LockBit ransomware operation. The FBI was involved in an international law enforcement operation, Operation Cronos, headed by the UK National Crime Agency, that resulted in 34 servers being seized and more than 2,500 decryption keys being obtained. The FBI was able to create a free decryptor to allow victims to recover their files, with more keys obtained from its ongoing operation against the group.
The FBI has also been able to confirm that the LockBit ransomware-as-a-service (RaaS) operation was set up by a Russian coder named Dimitri Khoroshev, aka LockBitsupp, who has now been indicted and sanctioned along with six co-conspirators on charges of fraud, extortion, and other crimes. It is unlikely, however, that Khoroshev will face justice, as he is believed to live in Russia, where there is no extradition treaty, and he is unlikely to leave the country.
Khoroshev runs the ransomware-as-a-service operation and has recruited hundreds of affiliates and other criminal groups to conduct attacks, retaining 20% of the ransom payments affiliates generate and paying the affiliates 80%. In addition to managing the operation, Khoroshev helps affiliates by setting optimal ransom demands, assisting with laundering cryptocurrency, and providing the infrastructure to support the attacks, including hosting and storage for the stolen data.
LockBit has been the most prolific ransomware group since 2022. The group is thought to have received more than $1 billion in ransoms and conducted more than 7,000 attacks between June 2022 and February 2024. The FBI was also able to confirm that the group retains the data stolen in an attack even when victims make payment, with the payment only removing data from the group’s leak site. Operation Cronos was a success, but the disruption to the LockBit operation was short-lived. Khoroshev was able to rebuild the infrastructure and the group is still active.
According to Vorndran, Khoroshev turned on his competitors and provided the FBI with the names of operators of other ransomware groups in an attempt to get the FBI to go easy on him, much as happens when dealing with organized crime gangs, where the boss rolls over and asks for leniency. Vorndran confirmed, however, that the FBI will not go easy on him.


