Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Sunday June 09, @07:16AM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

Also reported at: FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

These decryption keys were uncovered by the FBI after a massive joint operation disrupted LockBit earlier this year, though the gang appears to still be operational.

The US FBI has revealed that it has more than 7,000 decryption keys to help victims of the notorious LockBit ransomware gang.

These decryption keys were recovered by the FBI as a result of a disruptive operation international law enforcement conducted against LockBit earlier this year. This gang provides ransomware-as-a-service to a global network of ‘affiliates’, giving criminals tools to carry out their own cyberattacks.

In February, the joint operation managed to take down LockBit’s data leak website and managed to uncover a large amount of data about the gang and its activities. Authorities also seized the decryption keys that the FBI is now offering to victims.

In a recent statement, the FBI’s cyber assistant director Bryan Vorndran claimed LockBit was the most deployed ransomware variant in the world by 2022 and that the gang has caused “billions of dollars in damages to victims”.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center,” Vorndran said.

[...] Raj Samani, SVP and chief scientist at Rapid7, said the release of these decryption keys is “another kick in the teeth” for the LockBit gang and “a great win for law enforcement”.

“The likes of LockBit survive and thrive on victims paying ransom demands, therefore, it’s great to see the US government be proactive and prevent this by releasing the decryption keys for free,” Samani said.

“Ever since law enforcement took down LockBit’s infrastructure in February 2024, they’ve engaged in PR and damage control in order to show strength and maintain the confidence of affiliates. However, such announcements by the FBI damages this confidence, and hopefully we’ll soon see the end of the LockBit ransomware group.”

Not everyone is so optimistic however. Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, told SiliconRepublic.com recently that gangs such as LockBit are prepared for these potential risks – evident by the fact that the gang was offering its services again in “less than four days”.


Original Submission

This discussion was created by hubie (1068) for logged-in users only. Log in and try again!
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Touché) by Frosty Piss on Sunday June 09, @08:00AM

    by Frosty Piss (4971) on Sunday June 09, @08:00AM (#1359920)

    Where are all the "Fuck The State" people? Go ahead and pontificate.

  • (Score: 2, Interesting) by looorg on Sunday June 09, @09:57AM (4 children)

    by looorg (578) on Sunday June 09, @09:57AM (#1359923)

    At the time, police seized 34 servers containing over 2,500 decryption keys, which helped create a free LockBit 3.0 Black Ransomware decryptor.

    Why do they release a batch of 7,000 decryption keys if they have managed to create a decryptor already? If they have that many keys and data about the thing one would think that they should have managed to create their own keygenerator by now that they could just share that instead. If they didn't already find one among all the seized servers.

    Also how many possible keys are their for the lockbit algo? Is 7,000 even a significant number? If they are making billions.

    The FBI urges past victims of LockBit ransomware attacks to come forward ...

    If they are past victims. Doesn't that imply that they paid already and resolved the issue? Or they just ignored it, reformatted and moved on with their digital lives. Otherwise they would still be current victims. Or do they need to figure out if their 7,000 decryption keys actually work for something?

    • (Score: 2) by Barenflimski on Sunday June 09, @10:36AM

      by Barenflimski (6836) on Sunday June 09, @10:36AM (#1359925)

      I'm also trying to figure out a scenario where someone who was Ransomwared 6 or 12 or 18 months ago would need these decryption keys back.

      The majority of companies would have backups. Most would have moved on. If your business went bankrupt, these keys wouldn't be useful.

      Maybe someone lost some pictures on a non-backed up drive? Bitcoin wallet info? The recipe to Coca-Cola?

    • (Score: 4, Insightful) by stratified cake on Sunday June 09, @10:55AM

      by stratified cake (35052) on Sunday June 09, @10:55AM (#1359926)

      >> Why do they release a batch of 7,000 decryption keys if they have managed to create a decryptor already?

      If they release a decryptor and a thousand companies get their data back without contacting the FBI, there's zero solved cases.
      If they don't and ten companies ask for a key, there's ten potentially solved cases for the FBI.

      Wanna guess what looks better on the report card?

    • (Score: 2, Informative) by Anonymous Coward on Sunday June 09, @01:11PM (1 child)

      by Anonymous Coward on Sunday June 09, @01:11PM (#1359934)

      Don't you need the key to decrypt what something was decrypted with? If every computer was encrypted with a unique key, it sounds like they've found 7,000 of those keys, not some universal decrypter. It seems doing the latter would only apply if there was a single key used to encrypt everyone.

      • (Score: 2) by DannyB on Monday June 10, @04:47PM

        by DannyB (5839) Subscriber Badge on Monday June 10, @04:47PM (#1360047) Journal

        What kind of idiot would have a ransomware business model and encrypt every machine with the same key?

        Once a single victim payed the ransom, they could share their key with everyone else.

        --
        Since nobody defrags SSDs anymore, they are more (or less?) prone to failure of their seek mechanisms.
(1)