FBI invites LockBit victims to reach out after obtaining 7k decryption keys

The FBI is inviting victims of the LockBit ransomware gang to get in touch after obtaining 7,000 decryption keys from the threat group.

During a keynote speech at the 2024 Boston Conference on Cyber Security discussing the ongoing LockBit disruption, an effort known as Operation Cronos, FBI Cyber Division Deputy Director Bryan Vorndran revealed that 7,000 keys had been secured.

“We now have more than 7,000 decryption keys and can help victims recover their data and get back online,” Vorndran said on Wednesday (June 5).

“We are contacting known victims of LockBit and encourage anyone who suspects they were a victim to visit our Internet Crime Reporting Center at ic3.gov.”

Operation Cronos first came to light in February, when the FBI, along with global law enforcement agencies from the United Kingdom, Germany, Canada and Australia, seized the group’s dark web leak site.

“This site is now under the control of the UK National Crime Agency, working in close co-operation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the sites now say.

“We can confirm that LockBit services have been disrupted as a result of international law enforcement action; this is an ongoing and developing operation.”

Following this, law enforcement gave the group a taste of its own medicine, leaking the threat group’s source code and some internal information on its own leak site while releasing decryption keys to victims.

Despite this, LockBit was back up and running later that month and returned with a vengeance, listing major organizations such as London Drugs and OracleCMS. The latter led to breaches of organizations and agencies using OracleCMS, such as Nissan Oceania, a series of Australian companies, councils and more.

Vorndran’s opening speech provided an analysis of Operation Cronos and its findings.

“LockBit was created by a Russian coder named Dmitry Khoroshev,” he said.

“He maintains the image of a shadowy hacker, using online aliases such as ‘Putinkrab’, ‘Nerowolfe’ and ‘LockBitsupp’. But in reality, he is a criminal, more trapped in the bureaucracy of managing his company than in any covert activity.”

Khoroshev was sanctioned by the United States, the United Kingdom and Australia and, according to Vorndran, began offering up his competitors in the hope of softening the blow from the FBI.

“Khoroshev then tried to get us to go easy on him by attacking his competitors, naming other ransomware-as-a-service operators,” Vorndran said.

“So it really is like dealing with organized crime gangs, where the boss turns around and asks for leniency.

“We won’t go easy on him.”

The FBI also discovered that LockBit and its affiliates were storing stolen data after their victims paid them a ransom, despite telling them they had deleted it.
