Decryption Key
Oct 05 2021

FBI Withholds REvil Ransomware Decryption Keys After Failed Counterattack

For weeks, the FBI held onto Kaseya decryption keys that could have saved affected companies, but chose not to help. It is a fascinating moral/ethical question, so long as it wasn’t your company that was crippled.

One thing is clear: the FBI had the decryption keys for the REvil ransomware attack for weeks but chose not to share them with the companies that had been struggling to survive. The excuse given was coherent; they didn’t want the hackers to know that the FBI was onto them. The plan was to launch a counterattack against REvil’s infrastructure, and the FBI did not want to tip its hand.

Ultimately, the plan failed; REvil disappeared without a trace.

Clearly, if you were one of the victims of the Kaseya ransomware attack, which took down hundreds of companies, including hospitals, schools, and a wide range of businesses, the approach taken by the FBI would be incredibly disconcerting at the very least. Recently, the Washington Post reported on the incident, stirring great debate.

Many cybersecurity experts argue that they are on board with the decision, that even the chance to take down REvil justified the decision to delay helping the handicapped companies. As an impartial observer, I can see both sides of the debate. I will not throw my hat in this ring; this debate is not my issue.

Sample image of the Kaseya VSA ransomware attack from July 2, 2021

What I would like the reader to take away from this fiasco: when hit by a ransomware attack, your only defense is the Information Security Program you’ve proactively instituted. Who else do you think is on your side, the FBI? Your cyber insurance carrier? Think again; they will be trying to limit their liability at every turn.

The only team prepared to help you is the team you put in place before the incident: your internal or third-party Information Security Team. If for whatever reason you do not believe that your company is ready, let’s talk.

Photos from iStock by Getty Images.