Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Crime

Why The FBI Held Back a Ransomware Decryption Key for 19 Days (msn.com) 53

America's Federal Bureau of Investigation "refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer," reports the Washington Post, "even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials." The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs. But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.

The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials... The FBI finally shared the key with Kaseya, the IT company whose software was infected with malware, on July 21 — 19 days after it was hit. Kaseya asked New Zealand-based security firm Emsisoft to create a fresh decryption tool, which Kaseya released the following day. By then, it was too late for some victims...

On Tuesday, FBI Director Christopher A. Wray, testifying before Congress, indicated the delay stemmed in part from working jointly with allies and other agencies. "We make the decisions as a group, not unilaterally," he said, noting that he had to constrain his remarks because the investigation was ongoing... He also suggested that "testing and validating" the decryption key contributed to the delay. "There's a lot of engineering that's required to develop a tool" that can be used by victims, he said at a Senate Homeland Security Committee hearing.

Emsisoft, however, was able to act quickly. It extracted the key from what the FBI provided Kaseya, created a new decryptor and tested it — all within 10 minutes, according to Fabian Wosar, Emsisoft chief technology officer. The process was speedy because the firm was familiar with REvil's ransomware. "If we had to go from scratch," Wosar said, "it would have taken about four hours."

This discussion has been archived. No new comments can be posted.

Why The FBI Held Back a Ransomware Decryption Key for 19 Days

Comments Filter:
  • by rotorbudd ( 1242864 ) on Sunday October 24, 2021 @12:41PM (#61922485)

    I'm shocked. And I await his indictment for perjury.

  • Apparently they had to wait 18 days for full payment first. Gotta protect that R.O.I., you know. Fuck these guys. Seriously.

    • Incidentally, REvil is a FBI plant.

    • In their defense, the Russians are sneaky. Look at how they narrowly escaped that Russian collusion thing and then managed to not only convince or trick the Biden administration to remove the sanctions on their pipeline, but shut down pipelines in the US in the process.

      Christopher Wray is getting better though. It only took him 18 days or so to realize he was dumped again by the Russians.

      • by NFN_NLN ( 633283 )

        > the Russians are sneaky. Look at how they narrowly escaped that Russian collusion thing and then managed to not only convince or trick the Biden administration to remove the sanctions on their pipeline, but shut down pipelines in the US in the process.

        This won't fit on a t-shirt. I need to get this message out to people with short attention spa.... oh look a squirrel.

  • Wasn't this already posted on Slashdot previously? I swear I read this before.
    • They do this all the time. They've been counting on you forgetting about past incidents, though. They'd never have left the dots close enough together to form a line on purpose.

    • Wasn't this already posted on Slashdot previously? I swear I read this before.

      You don't what "this" means.

      That's your problem. Your thoughts are too small. Your words are smaller yet. You can't effectively describe your little thoughts, so you can't even figure out what you're complaining about.

      There was a story about what happened. Now there is a story about why it happened. It isn't complicated. But you shortened everything that happened down to, "this" which is small enough to fit between your ears, but then every "this" looks the same to you.

      • by ScwB ( 1879202 )
        In my experience, people who respond so aggressively with insults are highly insecure, so I'll reassure you: Take a breath. Everything is ok. You will be alright. Don't worry about all your self doubts and loathing. Just stay strong and you'll make it through this big ol' world, mmkay?
        • In my experience, people who respond so aggressively with insults are highly insecure

          I agree, that's why you wrote this reply to me, and you only included insults! Insults are 100% of your content, and that is because you're deeply insecure .

          I don't care if you improve yourself. What difference is it to me? You talk about things you know would improve yourself; it isn't doing you any good.

      • by Entrope ( 68843 )

        He was probably thinking of this [slashdot.org], which also gave the reason the FBI delayed releasing the key -- including many of the same sentences as TFA this time.

        You don't what "this" means.

        You seem to have ___ a verb there, dumbass. I guess it didn't fit in that tiny space between your ears.

        • You seem to have entirely missed the point, too.

          You found a missing word, wow, impressive. However, you missed the entire fucking point. So the missing word wouldn't help you even a little bit.

          Ponder the difference between what, and why. Because it might help you to figure out what "this" is!

          • by Entrope ( 68843 )

            You couldn't figure out what "this" is. That was the entire crux of your earlier comment. You padded it out by insulting someone who didn't make the kind of dumb mistake you did, and who assumed that readers would be better at understanding context than you.

            You are in a hole. Now would be a good time to stop digging.

  • In an attempt to take them down (by doing nothin?), They ended up making sure the operation was profitable for the bad actors?

    I'd think the plan would be to try and make it less profitable to commit the crime as step one.

    • In an attempt to take them down (by doing nothin?), They ended up making sure the operation was profitable for the bad actors?

      I'd think the plan would be to try and make it less profitable to commit the crime as step one.

      The success metric of the US Justice System isn't "number of people protected" or "number of dollars saved". It's "number of cases indicted/pled/convicted".

      The behavior of the various law enforcement agencies and department, and the criminal court system, exhibits a very clear set of tropisms toward that metric.

  • It's pretty clear that REvil detected the FBI intrusion and shut down because of it.

    Good job, FBI.

    Back to framing Boomercons.

    • by markana ( 152984 )

      More likely, someone in the FBI or one of the involved agencies tipped REvil off directly. Moles are really hard to get rid of,

    • by Whibla ( 210729 )

      That's certainly a plausible scenario.

      Equally:

      The FBI infiltrates REvil's ransomware servers.
      But REvil (or other sympathetic hackers) have already infiltrated the FBI's servers.

      Neither 'side' detects the intrusion, per se, but one side becomes aware of the intrusion through reading the case summaries.

      Or not.

      Like someone else posited, it could simply be a case of a (now much richer) mole.

  • I get holding back with some kind of "acceptable losses" so that you can catch the bad guy and stop it from happening again, but if you slow play it like these idiots and the window closes with no action taken, you need to be held accountable.
    • Comment removed based on user account deletion
      • Why are you suggesting the fleecing of The People out of money, for the benefit of these corporations with bad security and reliability practices?
      • It's definitely fair. Unfortunately, just one more case where the losses would be socialized by the taxpayers despite the taxpayers not having any input on the choice
  • Those companies are lucky the FBI didn't actually delete their files in the attempt to un-encrypt it. That would have been more normal procedure for them.

  • No obligation (Score:5, Insightful)

    by The MAZZTer ( 911996 ) <{megazzt} {at} {gmail.com}> on Sunday October 24, 2021 @02:01PM (#61922681) Homepage

    Sounds like someone wants to blame the FBI for not distributing the ransomware decryption key. What about the organizations that failed to properly protect themselves by building a secure network? And by not keeping their systems patched? By not ensuring their employees only have the level of access they need, and no more? By not ensuring their employees are trained to recognize intrusion attempts, and to not allow them in but to report them? By not ensuring their critical files were backed up off site, restorable should ransomware ever invade their network? All these tactics are widely known now, any organization that was threatened should have had the tools to avoid or at least recover from ransomware. Someone dropped the ball. And the FBI should not be obliged to pick it up. Should they help organizations when they have the means to do so? Absolutely. But the FBI is in the business of busting the crooks and that should be their priority first.

    • by martinX ( 672498 )

      Sounds like someone wants to blame the FBI for not rescuing the kidnap victim. What about the parents that failed to properly protect themselves by building a secure house? And by not keeping their doors deadlocked? All these tactics are widely known now, any family that felt threatened should have had the tools to avoid or at least recover from kidnapping. Someone dropped the ball. And the FBI should not be obliged to pick it up.

      • The FBI made an assessment and decided that the risk to the kidnap victim didn't outweigh the importance of capturing the kidnapper. Decisions like this need to happen all the time and they are never easy, It's hard enough for the average person to decide whether they want a delicious plate of fries or better lifelong health outcomes so I think we can cut the FBI some slack on this one.
        • If the FBI can easily bail them out then there is no need for the CEO to spend money on decent security.

          That what pain is about. To stop animals from doing certain things.

          This ransomware is nothing compared to what will happen if there is ever serious trouble with China. They will shut us down.

    • Sounds like someone wants to blame the FBI for not distributing the ransomware decryption key. What about the organizations that failed to properly protect themselves by building a secure network?

      This is like if a gunshot victim was brought into an ER and allowed to bleedout, completely ignored by staff despite crying for help, and then during the malpractice trial you said "Well, what about the person who shot him? Why try to blame the medical staff for holding the gun?"

      The responsibility to tend to the patient and the responsibility to not shoot someone are entirely distinct even if there are linked causes. The patient could have just as well shot himself, been taking a bullet to save an orphan,

      • by PPH ( 736903 )

        The FBI (like other US law enforcement) has no duty to protect you [wikipedia.org].

        • I don't think he was talking about a legal obligation.

          It's the implied deal that comes with the establishment of any governmental institution - to aid its people. There are times when that help is difficult to see explicitly, perhaps with some institutions more than with others (e.g. IRS?). But when you're actively damaging your society in the pursuit of your mission, that's when state is not "by the people, for the people" anymore. See for example various secret services in the Soviet region in their time

    • What about the organizations that failed to properly protect themselves by building a secure network?

      Guilt is not a zero-sum game. Putting full blame on the FBI still leaves 100% of it to go around for other actors, e.g. the (admittedly, borderline criminally incompetent) victims.

    • by tlhIngan ( 30335 )

      Or perhaps like how Enigma was cracked, but the Allies still let people die from German attacks, even though they knew perfectly well the attack was going to happen.

      Sometimes you don't want to let the attackers know you're on to them, or that you can read every message of theirs. Tipping them off can lead to even worse casualties in the future as one the attackers figure out the other side has the details, they may change things up and render the countermeasures useless.

      Sometimes the need to not tip the oth

  • by sjames ( 1099 ) on Sunday October 24, 2021 @02:31PM (#61922731) Homepage Journal

    They tipped their hat to the bad guys, kicked the door in, shot the dog, and came up empty.

    *golf clap*

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...