United States government agencies and the Federal Bureau of Investigation had access to the decryption key that could have unlocked the files of hundreds of victims attacked by the REvil ransomware gang, but did not release it, The Washington Post reported.
Citing unnamed US officials, the FBI and other government agencies held onto the key as they planned an operation to take down the ransomware criminals, and did not want to tip them off, The Post reported.
However, the operation did not take place, as the REvil gang temporarily disbanded along with other ransomware-as-a-service operators, after the high-profile Colonial Pipeline fuel distribution attack in May this year that caused widespread outrage.
The delay in releasing the decryption key is thought have cost businesses around the world substantial amounts of money, as they struggled to restore their systems to operational status.
FBI director Chris Wray confirmed to a US Senate security committee that government agencies had decided to hold back the release of the decryption key.
Security vendor Emsisoft's chief technology officer Fabian Wosar said last week the key was obtained from REvil's servers.
Looks like during the takedown of parts of the REvil infrastructure several months ago LEA got their hands on the secret key required to decrypt the ransom note key blobs which include the secret key for the system. Great news for older victims who can decrypt their files now. :)— Fabian Wosar (@fwosar) September 16, 2021
The FBI provided the key to management service software provider Kaseya, which had had its systems compromised to distribute the REvil ransomware to its customers, in what is thought to have been the largest ever ransomware attack with up to 1500 victims.
Emsisoft was asked by Kaseya to write a decryption software to unscramble victims' files.
REvil has since resurfaced, and is continuing its attacks on organisations around the world.