FBI held back ransomware decryption key from businesses to run operation targeting hackers
Source: Washington Post
FBI held back ransomware decryption key from businesses to run operation targeting hackers
By Ellen Nakashima and Rachel Lerman
September 21, 2021 at 9:30 a.m. EDT
The FBI refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer, even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials.
The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid million of dollars in recovery costs, analysts estimate.
But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared. The planned takedown never occurred because in mid-July REvils platform went offline without U.S. government intervention and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials.
The previously unreported episode highlights the trade-offs law enforcement officials face between trying to damage cyber criminal networks and promptly helping the victims of ransomware malware that encrypts data on computers, rendering them unusable.
-snip-
Read more: https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html