June 7, 2024 at 05:00AM
The FBI has 7,000 decryption keys for LockBit ransomware, aiming to help victims. The gang’s infrastructure was dismantled in an international operation, and its administrator, Dmitry Yuryevich Khoroshev, was identified. Despite this, LockBit remains active, with new variants targeting vulnerable Microsoft SQL servers and VMware ESXi systems. Organizations are warned of potential data leaks and negative impacts from ransomware attacks.
Key Takeaways from the Meeting Notes:
– The FBI possesses over 7,000 decryption keys associated with the LockBit ransomware operation.
– LockBit has been linked to over 2,400 attacks globally, with 1,800 impacting entities in the U.S.
– Dmitry Yuryevich Khoroshev is the identified administrator and developer of LockBit.
– Despite law enforcement efforts, LockBit remains active on new infrastructure, although it is operating at reduced levels.
– Companies paying ransom have no guarantee that their data will be deleted by the attackers, and may still face future extortion.
– Organizations experiencing a ransomware attack can recover, on average, only 57% of the compromised data.
– New ransomware players such as SenSayQ and CashRansomware have emerged, while existing families like TargetCompany are refining their tradecraft.
– The attacks target vulnerable Microsoft SQL servers and leverage a new Linux variant to target VMware ESXi systems.
– The new Linux variant of TargetCompany ransomware uses a shell script for payload delivery and exfiltrates the victim’s information to two different servers.
The notes also highlight the potential risk and ongoing challenges posed by ransomware operations, as various government and law enforcement agencies worldwide continue to address the growing cyber threat landscape.