[MasterScrat]

Or maybe they got their hands on the keys some other way they're not willing to disclose.

[enneff]

It is likely that they were able to compromise the bad guys' systems and steal the private keys, which in itself is against the law.

[obitoo]

Technically yes, but in practice only if the bad guys file charges and/or assist the authorities with evidence, ie their machines.

[a2tech]

Or maybe FoxIT was behind cryptolocker all along and once the ransom money stopped pouring in they released their database to look like good guys..tinfoil hat

[runeks]

That would be interesting. Especially the discussion of whether this is morally acceptable (ie. doing illegal things to obtain the private keys from the malware designers).