FBI Withheld Ransomware Key From Businesses Over A Sting

September 24, 2021 TH Author headline,hacker,government,malware,usa,data loss,fbi,cryptography

The FBI had digital keys that would have unlocked ransomware-attacked business data, according to a Tuesday report from The Washington Post, but withheld those keys for three weeks in a failed bid to target the hackers. The agency got the encryption keys after gaining access to the servers of the Russia-based criminal gang REvil following the group’s June attack on meat-processing company JBS.

The group then attacked Miami-based IT firm Kaseya, which said 54 of its clients were directly infected but also estimated the attacks infected between 800 and 1,500 businesses using Kaseya software. Many of the businesses were forced to resolve the issue at significant cost. The FBI reportedly gave Kaseya the decryption key on July 21, but a Kaseya spokesperson told the Post that the company didn’t know how many of its 54 clients were able to use the key.

On Thursday, Romanian cybersecurity firm Bitdefender released a decryption key it says can unlock computers affected by any of the REvil ransomware encryption deployed before July 13, though not those affected by later versions of the malware. It hasn’t yet named the law enforcement agency it collaborated with to obtain and release the key.

BREAKING – in collaboration with a trusted law enforcement agency we have released a universal decryptor for Revil/Sodinokibi. Read more on Bitdefender Labs: https://t.co/NCfY1pQFDC

— BitdefenderLabs (@BitdefenderLabs) September 16, 2021

As noted by the outlet, since REvil’s reappearance this month, eight new victims have been struck by the group’s attacks, including a legal aid service for the poor.

The FBI declined CNET’s request for comment.