FBI Releases 7,000 LockBit Ransomware Decryption Keys to Aid Victims

The FBI has revealed that it possesses over 7,000 decryption keys for the LockBit ransomware, enabling victims to recover their data for free.

LockBit, a notorious ransomware group, has been linked to more than 2,400 global attacks, with at least 1,800 affecting U.S. entities. In February, the U.K. National Crime Agency (NCA) led an international operation, named Cronos, that dismantled LockBit’s online infrastructure.

Last month, authorities identified Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the group’s administrator and developer. Despite Khoroshev’s denial, he is accused of revealing other ransomware operators to ease his own legal troubles. LockBit continues to operate but at a reduced scale.

Researcher reported 28 confirmed LockBit attacks in April 2024, ranking it below Play, Hunters International, and Black Basta. The paying ransoms does not guarantee data deletion, advising companies to assume their data could be leaked or extorted again.

The survey of 1,200 security professionals found that organizations typically recover only 57% of compromised data after a ransomware attack, leading to significant data loss and business impact.

New ransomware groups like SenSayQ and CashRansomware (CashCrypt) have emerged, while existing ones like TargetCompany (Mallox and Water Gatpanapun) are enhancing their methods. TargetCompany, using a new Linux variant, exploits vulnerable Microsoft SQL servers to gain access, specifically targeting VMWare ESXi systems.

To protect against LockBit ransomware, ensure all software and systems are up-to-date with the latest security patches. Implement robust backup strategies, regularly backing up critical data to offline or cloud storage solutions. Employing advanced antivirus and anti-ransomware tools can detect and block ransomware attempts.