During a cyber security conference in Boston earlier this month, FBI’s Cyber Division Assistant Director Bryan Vorndran highlighted that the government agency has approximately 7,000 LockBit decryption keys and is willing to share them with any of the thousands of victims of the viral ransomware.

Process for obtaining a decryption key

For the FBI to release a decryption key, the victim must fill out a form located on the FBI’s Internet Crime Complaint Center (IC3). After filling out the LockBit victim reporting form, the FBI asses the request and eventually provides a decryption key so potential victims do not have to pay ransom to the cybercriminals. Knowing that the FBI might have a spare key brings hope to organizations fighting the nasty ransomware.

Eligibility and encouragement

All individuals and entities suffering from LockBit are welcome to request a key if needed. As the FBI is willing to help both US and non-US victims. The government agency openly invites potential victims to take advantage of the keys and suggests that victims don’t pay a ransom in case of a cyber security incident.

The hackers may claim that if the ransom is paid, they will decrypt all files and leave the victim alone. Still, victims often send digital money only to realize that they’ve been tricked again, and the files in question are not decrypted but are up for sale to the highest bidder on the dark web. 

Background on LockBit and FBI’s actions

The FBI’s actions resulted from an ongoing international operation that aimed to disrupt the RaaS (Ransomware-as-a-Serivce) LockBit infrastructure after multiple high-profile attacks on large private organizations and critical infrastructure worldwide.

LockBit is one of the most profitable RaaS groups in the world. Various versions of LockBit have been circulating on the internet for half a decade. Causing losses worth billions of dollars to companies and individuals worldwide. 

Just last month, cybercriminals utilizing the LockBit malicious software managed to compromise the Canadian retail chain London Drugs and asked for a $25 million ransom. The Canadian retail pharmacy chain refused to cooperate, prompting the bad actors to publish some of the stolen info on the dark web.

Identity of LockBit leaders

Even though LockBit has existed for quite some time, the identities of the high-ranking officers at the criminal organization responsible for the creation and distribution of the ransomware remain unknown, with the exception of Dimitry Yuryevich Khoroshev, a Russian national from Voronezh. The US State Department believes Dimitry is a top director at LockBit and offers a $10 million reward for information that could lead to an arrest.