The most definitely means the FBI will affiliate particular keys with particular victims — assuming that individual sufferer contacts the authorities — is that “the FBI will generate a script that may run all 7,000-plus keys” in opposition to the sufferer’s still-locked recordsdata, Levine mentioned. There’s additionally a chance that LockBit was reusing keys, he mentioned.
A purpose to name the FBI
The most important advantage of the FBI announcement, Levine mentioned, is that it offers CISOs a concrete purpose to contact the FBI. An issue that many enterprises have when they’re hit with any type of cyberattack is that they don’t have a present direct FBI contact — together with cellular quantity. Critically, regulation enforcement contacts should be established for each geographic the place the enterprise has servers. In an emergency, the very last thing an enterprise needs to do is begin reaching out to a federal switchboard.
“That is simply one other nice instance of how regulation enforcement can add actual worth in responding to an incident,” Levine mentioned. “But it surely’s crucial that organizations develop a private relationship with an present FBI cyber agent previous to the incident. In any other case, organizations could also be spending a number of time tapping their toes to mild jazz throughout an infinite maintain.”
