FBI Sacrifices Innocents Again While Trying To Catch News Instead of Crooks

grarpamp grarpamp at gmail.com
Sun Oct 24 20:43:56 PDT 2021


https://www.msn.com/en-us/news/us/fbi-held-back-ransomware-decryption-key-from-businesses-to-run-operation-targeting-hackers/ar-AAOFwat
https://www.washingtonpost.com/technology/2021/07/13/revil-disappears-kaseya-hack/


America's Federal Bureau of Investigation "refrained for almost three
weeks from helping to unlock the computers of hundreds of businesses
and institutions hobbled by a major ransomware attack this summer,"
reports the Washington Post, "even though the bureau had secretly
obtained the digital key needed to do so, according to several current
and former U.S. officials." The key was obtained through access to the
servers of the Russia-based criminal gang behind the July attack.
Deploying it immediately could have helped the victims, including
schools and hospitals, avoid what analysts estimate was millions of
dollars in recovery costs. But the FBI held on to the key, with the
agreement of other agencies, in part because it was planning to carry
out an operation to disrupt the hackers, a group known as REvil, and
the bureau did not want to tip them off. Also, a government assessment
found the harm was not as severe as initially feared.

The planned takedown never occurred because in mid-July REvil's
platform went offline — without U.S. government intervention — and the
hackers disappeared before the FBI had a chance to execute its plan,
according to the current and former officials... The FBI finally
shared the key with Kaseya, the IT company whose software was infected
with malware, on July 21 — 19 days after it was hit. Kaseya asked New
Zealand-based security firm Emsisoft to create a fresh decryption
tool, which Kaseya released the following day. By then, it was too
late for some victims...

On Tuesday, FBI Director Christopher A. Wray, testifying before
Congress, indicated the delay stemmed in part from working jointly
with allies and other agencies. "We make the decisions as a group, not
unilaterally," he said, noting that he had to constrain his remarks
because the investigation was ongoing... He also suggested that
"testing and validating" the decryption key contributed to the delay.
"There's a lot of engineering that's required to develop a tool" that
can be used by victims, he said at a Senate Homeland Security
Committee hearing.

Emsisoft, however, was able to act quickly. It extracted the key from
what the FBI provided Kaseya, created a new decryptor and tested it —
all within 10 minutes, according to Fabian Wosar, Emsisoft chief
technology officer. The process was speedy because the firm was
familiar with REvil's ransomware. "If we had to go from scratch,"
Wosar said, "it would have taken about four hours."
