The FBI’s multi-year investigation into the ransomware group Lockbit has resulted in a website takedown, arrests, dozens of criminal charges, and now the retrieval of over 7,000 decryption keys. The federal agency is now looking to help any Lockbit victims and encourages anyone who thinks their data may have been seized to contact the FBI. Unsurprisingly, Lockbit also wasn’t truthful about its practices. The group claimed it would delete victim data after receiving ransom payments. But the FBI found that Lockbit was holding victim data even after ransoms had been paid, FBI Cyber Assistant Director Bryan Vorndran told an audience during a keynote address in Boston, Massachusetts on Wednesday. Back in February when the FBI, the UK’s National Crime Agency, and other international authorities seized Lockbit’s site and charged two Russian nationals for some of the ransomware attacks, the authorities said they had retrieved over 1,000 decryption keys. Less than a week after the initial takedown, Lockbit claimed it was back online via backup servers and said authorities only had keys to about 2.5% of its attacks. Now, that number is much higher.
This Tweet is currently unavailable. It might be loading or has been removed.
In mid-March, Lockbit posted new ransomware attack details online, suggesting the group wasn’t quite finished despite the prior seizure. But by May, authorities revived Lockbit’s site to hint at and then reveal the identity of Lockbit’s alleged administrator, Russian national Dimitry Khoroshev.
Recommended by Our Editors
Khoroshev is the sixth person to be charged in relation to Lockbit. The US sanctioned Khoroshev and hit him with 26 charges that could result in a 185-year prison sentence—if the US manages to extradite in the future.”We will not go easy on him,” Vordran said Wednesday.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
