US Feds sat on REvil decryption key for three weeks: report


Wanted to use it to disrupt ransomware raiders.

United States government agencies and the Federal Bureau of Investigation had access to the decryption key that could have unlocked the files of hundreds of victims attacked by the REvil ransomware gang, but did not release it, The Washington Post reported.

Citing unnamed US officials, the FBI and other government agencies held onto the key as they planned an operation to take down the ransomware criminals, and did not want to tip them off, The Post reported.

However, the operation did not take place, as the REvil gang temporarily disbanded along with other ransomware-as-a-service operators, after the high-profile Colonial Pipeline fuel distribution attack in May this year that caused widespread outrage.

The delay in releasing the decryption key is thought to have cost businesses around the world substantial amounts of money, as they struggled to restore their systems to operational status.

FBI director Chris Wray confirmed to a US Senate security committee that government agencies had decided to hold back the release of the decryption key.

Security vendor Emsisoft's chief technology officer Fabian Wosar said last week the key was obtained from REvil's servers.

The FBI provided the key to management service software provider Kaseya, which had had its systems compromised to distribute the REvil ransomware to its customers, in what is thought to have been the largest ever ransomware attack with up to 1500 victims.

Emsisoft was asked by Kaseya to write decryption software to unscramble victims' files.

REvil has since resurfaced, and is continuing its attacks on organisations around the world.
