Report: FBI Had Ransomware Decryption Key for Weeks Before Giving It to Victims

gizmodo.com
After the Kaseya attack, the feds somehow came into possession of a decryption key but waited nearly a month before delivering it into the hands of businesses.
The Kaseya ransomware attack, which occurred in July and affected as many as 1,500 companies worldwide, was a big, destructive mess—one of the largest and most unwieldy of its kind in recent memory. But new information shows the FBI could have lightened the blow victims suffered but chose not to.


A new report from the Washington Post shows that, shortly after the attack, the FBI came into possession of a decryption key that could unlock victims' data—thus allowing them to get their businesses back up and running. However, instead of sharing it with them or Kaseya, the IT firm targeted by the attack, the bureau kept it a secret for approximately three weeks.

The feds reportedly did this because they were planning an operation to "disrupt" the hacker gang behind the attack—the Russia-based ransomware provider REvil—and didn't want to tip their hand. However, before the FBI could put its plan into action, the gang mysteriously disappeared. The bureau finally shared the decryption key with Kaseya on July 21—about a week after the gang had vanished.

A decryption key, which is typically only sent to a victim after they have paid their attacker, unscrambles the data that is encrypted during a ransomware attack and can help an infected company to recover. However, they don't always work super well—which is part of the reason why authorities insist that victims should never pay ransoms.

So, how did the FBI come into possession of REvil's decryption key? That part is quite…
Lucas Ropek