FBI Had the REvil Decryption Key
The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.
The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.
But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.
Fighting ransomware is filled with security trade-offs. This is one I had not previously considered.
Another news story.
Anonymous • September 22, 2021 9:53 AM
Reminds me of the British efforts to combat German encryption in WW2. Once they cracked the Enigma machine, they had to do a ton of work to determine how much they could use their newfound knowledge without tipping off the Germans that all their plans were now visible.
Certainly no comfort to the families of soldiers and sailors who died to German attacks that the allied generals saw coming by then, nor for victims of REvil in this case. Hopefully holding onto the key this long actually led to preventing future attacks.