Brett Leatherman
Deputy Assistant Director, FBI Cyber Division
Federal Bureau of Investigation
London, England
February 20, 2024

FBI Cyber Deputy Assistant Director Brett Leatherman’s Remarks at Press Conference Announcing the Disruption of the LockBit Ransomware Group

I’m pleased to represent the FBI here today, as I oversee the FBI’s Cyber Operations Branch.

I am excited to speak about our multi-year disruption campaign against the LockBit ransomware group.

LockBit has hurt thousands of victims across the country and around the world to include in recent years, targeting all sectors, from government and public sector companies, such as hospitals and schools, to high-profile, global companies.

Today, a joint sequenced operation among 10 countries disrupted LockBit's front- and back-end infrastructure in the U.S. and abroad.

The FBI seized four servers in the U.S. as part of this technical disruption, and we are announcing a total of five LockBit affiliates charged by the Department of Justice.

Two of those indictments are being publicly released today.

In addition, the cyber-related sanctions program implemented by the US Office of Foreign Assets Control (OFAC) imposed sanctions on two LockBit threat actors responsible for malicious cyber-enabled activities.

Lastly, we can proudly announce through the U.S. Department of State a reward of up to $15 million via the Transnational Organized Crime Rewards Program for anyone with information about LockBit associates.

This includes a reward of up to $10 million for information leading to the identification or location of any individual(s) who hold a leadership position in the LockBit ransomware variant transnational organized crime group and a reward offer of up to $5 million for information leading to the arrest and/or conviction of any individual conspiring to participate in or attempting to participate in LockBit ransomware activities.

This large operation could not have happened without the contributions of the National Crime Agency, FBI Newark, our international partners, the FBI’s Cyber Division—including our field office personnel across the country—and the FBI personnel stationed overseas, who led the collaboration with our foreign law enforcement partners all, standing shoulder to shoulder, pursuing the same goals, seeking to remediate victims and prevent LockBit from continuing its nefarious activities, it was these partnerships that were essential to today’s success.

I cannot go on without mentioning some of the other international partners who contributed to this effort including South West Regional Organized Crime Unit in the U.K., Metropolitan Police Service in the U.K., Europol, Gendarmerie-C3N in France, the State Criminal Police Office L-K-A and Federal Criminal Police Office in Germany, Fedpol and Zurich Cantonal Police in Switzerland, the National Police Agency in Japan, the Australian Federal Police in Australia, the Swedish Police Authority in Sweden, the National Bureau of Investigation in Finland, the Royal Canadian Mounted Police in Canada, and the National Police in the Netherlands.

This coordinated disruption of LockBit’s networks illustrates the power of collaboration between the FBI and our international partners.

The FBI’s strategy to combat ransomware leverages both our law enforcement and intelligence authorities to go after the whole cybercrime ecosystem by targeting the key services, namely the actors, their finances, their communications, their malware, and their supporting infrastructure.

And since 2021, that’s exactly how we’ve targeted the LockBit ransomware.

Our access to LockBit's infrastructure was no accident.

Now, as we move to the next phase of the investigation, we’ve worked with our international partners to seize the infrastructure used by these criminal actors including nearly 11,000 domains and servers located all over the globe—hindering LockBit’s ability to sting again.

Through this operation, we have access to nearly 1,000 potential decryption capabilities, and the FBI, NCA, and Europol will be conducting victim engagement with over 1,600 known US victims.

I’m here today to ask those US victims and private sector partners who have been a victim of a LockBit ransomware attack to please go to our IC3 website to complete a questionnaire to see if the FBI can provide you with decryption capabilities found during this infrastructure disruption.

One example of our success helping victims occurred in October of 2023.

A Boeing distribution business, Boeing Distribution Inc. (BDI), was the victim of a LockBit ransomware attack.

Boeing immediately engaged the FBI, which provided timely coordination and information sharing that was instrumental to BDI’s investigation and recovery.

Today’s lesson for businesses large and small, hospitals and police departments, and all the other many victims of ransomware is this:

Reach out to your local FBI field office today and introduce yourselves, so you know who to call if you become the victim of a cyberattack. If you are a victim of LockBit, please reach out to your local FBI office or fill out the form on The FBI is in possession of nearly 1,000 decryption keys, which we intend to provide to victims.

We’re ready to help you build a crisis response plan, so when an intruder does come knocking, you’ll be prepared.

And, like the LockBit victims here, when you talk to us in advance—as so many others have—you’ll know how we operate: quickly and quietly, giving you the assistance, intelligence, and technical information you want and need.

When victims report attacks to us, we can help them—and others, too.

Today’s announcement is only the beginning.

We’ll continue gathering evidence, building out our map of LockBit developers, administrators, and affiliates, and using that knowledge to drive arrests, seizures, and other operations, whether by the FBI or our partners here and abroad.

While this is, yes, a fight to protect our country, our citizens, and our national security, make no mistake—the fight for cybersecurity spans the globe. But the FBI’s presence and partnerships do, too.

So, a reminder to cybercriminals: No matter where you are, and no matter how much you try to twist and turn to cover your tracks—your infrastructure, your criminal associates, your money, and your liberty are all at risk. And there will be consequences.