In a significant advancement in the fight against cybercrime, the FBI has acquired over 7,000 decryption keys from the notorious LockBit ransomware group. This development is poised to help numerous victims regain access to their encrypted data and mitigate further financial damage.
Bryan Vorndran, assistant director of the FBI’s Cyber Division, announced the news at a recent event, detailing the agency’s ongoing efforts against cyber adversaries. “From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran stated. This acquisition is a result of a concerted global effort involving multiple agencies and international partners.
LockBit, managed by Russian coder Dimitri Khoroshev, operates on a ransomware-as-a-service model. Khoroshev, using aliases like “Putinkrab” and “NeroWolfe,” licenses LockBit ransomware to numerous affiliate criminal groups.
These affiliates execute ransomware attacks, sharing a portion of the ransom with Khoroshev. Vorndran described this operation as analogous to traditional organized crime, noting that LockBit has been responsible for over 1,800 attacks in the U.S. and more than 2,400 globally, affecting sectors like healthcare, finance, and education.
The FBI’s disruption of LockBit was a complex, multi-year operation that involved collaboration with agencies from ten countries, including the British National Crime Agency. The operation culminated in February 2024, with technical maneuvers to seize infrastructure and impose sanctions on LockBit and its affiliates.
Khoroshev, seeking leniency, attempted to turn over his competitors but was met with firm resistance. “We will not go easy on him,” Vorndran asserted. The Justice Department has unsealed 26 charges against Khoroshev and six co-conspirators for fraud, extortion, and other crimes.
With the 7,000 decryption keys, the FBI is actively reaching out to known LockBit victims. Vorndran urged anyone suspecting they were a victim to contact the FBI through the Internet Crime Complaint Center at ic3.gov. This proactive approach aims to assist victims in recovering their data and minimizing downtime and financial loss.
The FBI’s announcement of the decryption keys comes amid broader efforts – Operation Endgame – to combat cyber threats from state-sponsored actors and organized cybercriminals. Vorndran emphasized the importance of partnerships, stating, “Not one of our past—or future—disruptions is possible without exceptional partnerships. We have to realize, and execute upon this theme, that we are in this together. We are stronger together.”
The FBI’s success against LockBit exemplifies the agency’s strategic focus on disrupting cybercriminal infrastructures and leveraging international cooperation to enhance cyber resilience. As Vorndran aptly concluded, “We need everyone—private industry, nonprofits, academia, the U.S. government—in the boat, rowing in the same direction. This is how we will be most effective.”
