{ "id": "9b4c9cbe-af5f-42a5-8f44-832c901fc8e3", "created_at": "2026-04-06T00:16:30.921261Z", "updated_at": "2026-04-10T03:26:47.087911Z", "deleted_at": null, "sha1_hash": "143c77646ade0dd246bcbfcf8ce054d2ec9753d2", "title": "FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2646364, "plain_text": "FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out\r\nBy Sergiu Gatlan\r\nPublished: 2024-06-05 ยท Archived: 2026-04-05 14:17:44 UTC\r\nThe FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000\r\nLockBit decryption keys that they can use to recover encrypted data for free.\r\nFBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on\r\nCyber Security.\r\n\"From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data\r\nand get back online,\" the FBI Cyber Lead said in a keynote.\r\nhttps://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our\r\nInternet Crime Complaint Center at ic3.gov.\"\r\nThis call to action comes after law enforcement took down LockBit's infrastructure in February 2024 in an international\r\noperation dubbed \"Operation Cronos.\"\r\nAt the time, police seized 34 servers containing over 2,500 decryption keys, which helped create a free LockBit 3.0 Black\r\nRansomware decryptor.\r\nAfter analyzing the seized data, the U.K.'s National Crime Agency and the U.S. Justice Department estimate the gang and its\r\naffiliates have raked in up to $1 billion in ransoms following 7,000 attacks targeting organizations worldwide between June\r\n2022 and February 2024.\r\nHowever, despite law enforcement efforts to shut down its operations, LockBit is still active and has since switched to new\r\nservers and dark web domains.\r\nThey are still targeting victims around the world and, in retaliation to the recent infrastructure takedown by U.S. and U.K.\r\nauthorities, they've kept leaking massive amounts of old and new stolen data on the dark web.\r\nMost recently, LockBit claimed the April 2024 cyberattack on Canadian pharmacy chain London Drugs after another law\r\nenforcement operation that doxxed the gang's leader, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev\r\nwho's been using the \"LockBitSupp\" online alias.\r\nIn recent years, other Lockbit ransomware actors have been arrested and charged, including Mikhail Vasiliev(November\r\n2022), Ruslan Magomedovich Astamirov (June 2023), Mikhail Pavlovich Matveev aka Wazawaka (May 2023), Artur\r\nSungatov and Ivan Gennadievich Kondratiev aka Bassterlord (February 2024).\r\nThe U.S. State Department now offers $10 million for any information that would lead to LockBit leadership arrest or\r\nconviction and an extra $5 million reward for tips leading to the arrest of LockBit ransomware affiliates.\r\nhttps://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/\r\nhttps://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out/" ], "report_names": [ "fbi-recovers-7-000-lockbit-keys-urges-ransomware-victims-to-reach-out" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434590, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/143c77646ade0dd246bcbfcf8ce054d2ec9753d2.pdf", "text": "https://archive.orkl.eu/143c77646ade0dd246bcbfcf8ce054d2ec9753d2.txt", "img": "https://archive.orkl.eu/143c77646ade0dd246bcbfcf8ce054d2ec9753d2.jpg" } }