Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys

Did your company fall victim to the LockBit ransomware? Have cybercriminals left gigabytes of your data encrypted, with no easy route for recovery that doesn’t involve paying a ransom?

Well, don’t fear.

The FBI announced this week that it had obtained over 7,000 decryption keys for the LockBit ransomware and is urging victims to come forward for free assistance.

In a speech at this week’s Boston Conference on Cyber Security, Cyber Assistant Director Bryan Vorndran detailed some of the FBI’s recent successes in the war against cybercrime, including its action against the LockBit ransomware-as-a-service operation.

Vorndran described how LockBit was set up and administered by a 31-year-old Russian called Dmitry Khoroshev (who used online handles such as “LockBitsupp,” “Putinkrab,” and “Nerowolfe”), who receives a 20% cut of whatever payments are extorted from the ransomware’s innocent victims.

“These LockBit scams run the way local thugs used to demand “protection money” from storefront businesses. LockBit affiliates steal your data, lock it down, and demand payment to return your access to it. Then, if you pay the ransom, they return your access to your data. But they also keep a copy, and sometimes they demand a second payment to stop them from releasing your personal or proprietary information online.”

LockBit, one of the world’s biggest ransomware operations, was disrupted by law enforcement in February, sanctions imposed, and multi-million dollar bounties offered for information about the gang’s leaders.

According to Vorndran, Dimitry Khoroshev turned on competing ransomware-as-a-service operators in the hope that the FBI – who had brought 26 charges against him – would “go easy on him.”

“It really is like dealing with organized crime gangs, where the boss rolls over and asks for leniency,” Vorndran told the conference. “We will not go easy on him.”

Despite law enforcement’s attempts to shut down LockBit’s operations, it is still active, and Dmitry Khoroshev remains at large.

That news probably sends a shudder down the spine of companies that have found themselves to be victims of LockBit in the past.

But what will give some a little less anxiety is the FBI’s announcement that it is in possession of over 7,000 decryption keys that “can help victims reclaim their data and get back online.”

The FBI’s Vorndran says that the agency is reaching out to known victims, and is inviting anyone who suspects they fell foul of the LockBit gang to get in touch.

Sharing details of your LockBit infection may not just mean that you might soon receive a free-of-charge decryption key but also help international law enforcement gather more intelligence about the ransomware gang’s activities and strengthen any future prosecutions.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.