FBI offers to share 7,000 ransom LockBit decryption keys with CISOs

The most likely way the FBI will link certain keys to specific victims — assuming a certain victim contacts authorities — is that “the FBI will generate a script that will run all 7,000-plus keys” against the victim’s files that are still closed, Levine said. . There’s also the possibility that LockBit was reusing keys, he said.

Reason to call the FBI

The biggest benefit of the FBI announcement, Levine said, is that it gives CISOs a concrete reason to contact the FBI. The problem many businesses have when they are hit by any type of cyberattack is that they don’t have a direct current FBI contact – including a cell phone number. Importantly, legal contacts need to be established in every location where the business has servers. In an emergency, the last thing a business wants to do is start reaching out to the government’s exchange board.

“This is another great example of how law enforcement can add real value to incident response,” Levine said. “But it’s critical that organizations build a personal relationship with an existing FBI cyber agent prior to an incident. Otherwise, organizations may spend a lot of time tapping their toes to jazz up a time of endless retention. ”


Source link