• To ensure you get the most out of your CIN membership and stay connected with the latest updates, we are asking all members to update their community profiles. Please take a few moments to log in and: • Complete all sections of your profile • Review your current information for accuracy • Enter an alternative email address if desired (CIN requires your valid business email address for your training organization). Keeping your profile up to date helps us better serve you, ensures your account is correctly linked with CompTIA’s CRM, streamlines processes, enhances communication, and guarantees you never miss out on valuable CIN opportunities. Thank you for taking this important step! step!

If you are or know of a Lockbit Ransomware victim...

BrianFord

Well-known member
  • Jun 26, 2023
    121
    2
    292
    13,416
    Flagler Beach, FL
    fordsnotes.com
    For all those Security+ or security interested instructors out there...

    Law enforcement authorities in the US and Europe recently announced the seizure of data attributed to the Lockbit ransomware team. The seized data included thousands of references to the crypto keys generated to encrypt victims data. You can read about this disclosure from the FBI or read reporting by Ars Technica. If you were or know of a ransomware victim you can submit a form here (at ic3.gov) and receive assistance ranging from the key used to encrypt the data to technical assistance decrypting the data. This form does ask for information about the victim. I'm told that not all of the fields are required to be completed. If the victim has the original ransom demand message there is information included there that can be used to identify the decryption key. If that message isn't available an encrypted file can be submitted for analysis.

    The Lockbit team is believed to be made up of residents of Russia, Ukraine, and Belarus. Lockbit-based ransomware is a particularly interesting malware strain in that new versions were compiled so that different keys were used for different victims; and the original team created an 'associate program' where others could 'license' the Lockbit ransomware.