If you are or know of a Lockbit Ransomware victim...

BrianFord

Well-known member
Jun 26, 2023
64
139
9,346
Flagler Beach, FL
fordsnotes.com
For all those Security+ or security interested instructors out there...

Law enforcement authorities in the US and Europe recently announced the seizure of data attributed to the Lockbit ransomware team. The seized data included thousands of references to the crypto keys generated to encrypt victims data. You can read about this disclosure from the FBI or read reporting by Ars Technica. If you were or know of a ransomware victim you can submit a form here (at ic3.gov) and receive assistance ranging from the key used to encrypt the data to technical assistance decrypting the data. This form does ask for information about the victim. I'm told that not all of the fields are required to be completed. If the victim has the original ransom demand message there is information included there that can be used to identify the decryption key. If that message isn't available an encrypted file can be submitted for analysis.

The Lockbit team is believed to be made up of residents of Russia, Ukraine, and Belarus. Lockbit-based ransomware is a particularly interesting malware strain in that new versions were compiled so that different keys were used for different victims; and the original team created an 'associate program' where others could 'license' the Lockbit ransomware.