FBI obtains 7,000 LockBit ransomware decryption keys

The FBI is encouraging victims of the prolific LockBit ransomware strain to claim one of the agency's recently acquired decryption keys.
gloved hand holding key
(Getty Images)

Victims of ransomware attacks by the Russian ransomware group LockBit can now unlock their encrypted data for free using the 7,000 decryption keys obtained by the FBI, a federal official announced during an event in Boston on Wednesday.

The announcement comes after law enforcement took down the group’s infrastructure in February through “Operation Cronos,” an international operation designed to disrupt LockBit’s business model and expose members of the ransomware gang, FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote Wednesday at the 2024 Boston Conference on Cyber Security.

Though the gang still operates, reports show the mission disrupted its activities.

“From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran said.


As part of its criminal activity, LockBit operates a ransomware-as-a-service business that allows less technical users to purchase ready-made ransomware toolkits to launch their own cyberattacks. LockBit creates malware and licenses the code in exchange for a percentage of the ransoms paid.

According to the Cybersecurity and Infrastructure Security Agency, LockBit was the most deployed ransomware variant across the world in 2022.

“Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation,” read a 2023 CISA advisory.

The group is also known for its double extortion tactic, in which it threatens to publish stolen data if its demands aren’t met. That strategy, which has become commonplace in recent years, was used in LockBit’s attack on Fulton County, Georgia, in January, after the city repeatedly refused to pay the group’s ransom.

LockBit posted samples of sensitive data obtained from Fulton County on its victim-shaming blog in an effort to force payment, but the post was later removed without explanation.


Vordran said the FBI is also reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit the Internet Crime Complaint Center.

Sophia Fox-Sowell

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.

Latest Podcasts