{"id":164207,"date":"2024-06-06T10:04:40","date_gmt":"2024-06-06T10:04:40","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164207"},"modified":"2024-06-06T10:04:41","modified_gmt":"2024-06-06T10:04:41","slug":"fbi-obtained-7000-lockbit-decryption-keys","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164207\/security\/fbi-obtained-7000-lockbit-decryption-keys.html","title":{"rendered":"FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support"},"content":{"rendered":"

The FBI is informing victims of LockBit ransomware that it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data.<\/h2>\n\n\n\n

The FBI is inviting victims of LockBit ransomware to come forward because it has obtained over 7,000 LockBit decryption keys that could allow them to recover their encrypted data for free.<\/p>\n\n\n\n

“Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online.” said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security.\u00a0“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov.”<\/p>\n\n\n\n

In February, a joint law enforcement action code-named\u00a0Operation Cronos, conducted by law enforcement agencies from 11 countries, temporarily disrupted the\u00a0LockBit ransomware\u00a0operation.<\/p>\n\n\n\n

This call to action comes after law enforcement\u00a0took down LockBit’s infrastructure\u00a0in February 2024 in an international operation dubbed “Operation Cronos.”<\/p>\n\n\n\n

The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.<\/p>\n\n\n\n

The British NCA took control of LockBit\u2019s central administration environment used by the RaaS affiliates to carry out the cyberattacks. The authorities also seized the dark web Tor leak site used by the group.<\/p>\n\n\n\n

The NCA seized the Tor leak site, which is now used to publish updates on the law enforcement operation and provide support to the victims of the gang.<\/p>\n\n\n\n

The NCA also obtained the\u00a0source code of the LockBit platform and a huge trove of information on the group\u2019s operation, including information on affiliates and supporters.<\/p>\n\n\n\n

Law enforcement also had access to data stolen from the victims of the ransomware operation, a circumstance that highlights the fact that even when a ransom is paid, the ransomware gang often fails to delete the stolen information.<\/p>\n\n\n\n

\u201cLockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. Over the last 12 hours this infrastructure, based in three countries, has been seized by members of the Op Cronos taskforce, and 28 servers belonging to LockBit affiliates have also been taken down.\u201d\u00a0reads the NCA\u2019s announcement. \u201cThe technical infiltration and disruption is only the beginning of a series of actions against LockBit and their affiliates. In wider action coordinated by Europol, two LockBit actors have been arrested this morning in Poland and Ukraine, over 200 cryptocurrency accounts linked to the group have been frozen.\u201d<\/p>\n\n\n\n

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. The NCA reached out to victims based in the UK providing support to help them recover encrypted data.<\/p>\n\n\n\n

\u201cThis NCA-led investigation is a ground-breaking disruption of the world\u2019s most harmful cyber crime group. It shows that no criminal operation, wherever they are, and no matter how advanced, is beyond the reach of the Agency and our partners.\u201d said National Crime Agency Director General, Graeme Biggar.<\/p>\n\n\n\n

\u201cThrough our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.\u201d<\/p>\n\n\n\n

The free decryptor for the LockBit ransomware can be downloaded from the website of\u00a0the\u00a0\u2018No More Ransom\u2019\u00a0initiative. It\u2019s unclear which version of the ransomware is targeted by the decryptor.<\/p>\n\n\n\n

The FBI, UK National Crime Agency, and Europol have also unmasked\u00a0the identity of the admin\u00a0of the\u00a0LockBit\u00a0ransomware operation, aka \u2018LockBitSupp\u2019 and \u2018putinkrab\u2019, and issued sanctions against him. It was the first time that the admin of the notorious group was identified by law enforcement.<\/p>\n\n\n\n

The man is a Russian national named Dmitry Yuryevich Khoroshev (31) of Voronezh, Russia.<\/p>\n\n\n\n

\u201cThe sanctions against Russian national Dmitry Khoroshev (pictured), the administrator and developer of the LockBit ransomware group, are being announced today by the FCDO alongside the US Department of the Treasury\u2019s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs.\u201d reads the press release published by NCA.<\/p>\n\n\n\n

The NCA states that Khoroshev will now be subject to a series of asset freezes and travel bans.<\/p>\n\n\n\n

\u201cKhoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans.\u201d continues the NCA.<\/p>\n\n\n\n

According to the UK agency, data retrieved from the systems belonging to the ransomware gang revealed that from June 2022 to February 2024, the criminals have orchestrated over 7,000 attacks. The most targeted countries included the US, UK, France, Germany, and China.<\/p>\n\n\n\n

However, despite the law enforcement operation, the LockBit\u00a0group is still active\u00a0and has targeted tens of organizations since February.<\/p>\n\n\n\n

LockBit is a prominent ransomware operation\u00a0that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. The LockBit ransomware operation operated under a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to carry out ransomware attacks through the utilization of LockBit ransomware tools and infrastructure.<\/p>\n\n\n\n

According to a joint report published by US authorities and international peers, the total of U.S. ransoms paid to LockBit is approximately $91M since LockBit activity was first observed in the U.S. on January 5, 2020.<\/p>\n\n\n\n

Pierluigi Paganini<\/p>\n\n\n\n

(SecurityAffairs\u00a0\u2013\u00a0hacking,\u00a0ransomware)<\/p>\n","protected":false},"excerpt":{"rendered":"

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. The FBI is inviting victims of LockBit ransomware to come forward because it has obtained over 7,000 LockBit decryption keys that could allow them to recover their encrypted data […]<\/p>\n","protected":false},"author":1,"featured_media":162780,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,3,7,55],"tags":[9508,10918,12931],"class_list":["post-164207","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-cyber-crime","category-malware","category-security","tag-hacking-news","tag-it-information-security","tag-lockbit"],"yoast_head":"\n