In the midst of the REvil ransomware attack this summer, the FBI discovered a decryptor for the attack on Kaseya. However, it decided to hold it back for 3 weeks so as not to compromise an operation against the cybercriminal gang.
It is always a delicate question: when should a means and a method to fix a flaw, or to decrypt files encrypted by ransomware, be published? The FBI was confronted with this difficult choice with the REvil gang. The Washington Post reports that the federal agency secretly withheld the key that would have decrypted the data and unlocked the PCs of nearly 1,500 networks, including those of hospitals, schools and businesses.
The case unfolded during the summer, when the FBI managed to break into the REvil group's servers and obtain a decryption key in connection with the daring attack on Kaseya. The cybercriminals were demanding a ransom of $70 million at the time. The agency, in agreement with other American authorities, decided to keep this precious key under wraps. “We make decisions collectively, not unilaterally,” FBI director Christopher Wray told Congress. He said this silence was necessary as part of an operation to dismantle the group of cybercriminals. “It takes time in the fight against adversaries where we have to muster resources not only across the country, but also around the world.”
A secret kept for almost 3 weeks
This operation finally came to an end with the disappearance of REvil’s activities on July 13. The FBI provided the key to victims of the attack on Kaseya from July 21, nearly 3 weeks after its discovery. On July 23, Bitdefender announced the availability of a universal decryptor for REvil victims attacked before July 13. The cybersecurity company had said it obtained this decryptor from a “trusted third party” without naming the source, and it specifies today that the source is not the FBI.
Still, the REvil group does not seem to have completely disappeared. Its servers resurfaced on September 9 and its ransomware campaigns resumed, with no fewer than eight victims, according to the Washington Post. Unfortunately for these new victims, Bitdefender’s universal decryption tool cannot be used, because the cybergang has completely revised its attack architecture.