When hundreds of businesses were impacted by a major ransomware attack this past summer, the FBI did not help unlock the victims' computers for several weeks, even though it had secretly obtained the digital key needed to do so, according to several current and former U.S. officials.
The digital key was retrieved through access to the servers of the Russia-based criminal gang behind the July ransomware attack. Using the key immediately could have helped the victims, including schools and hospitals, avoid millions of dollars in recovery costs, The Washington Post reported.
But the FBI withheld using the key because it was planning an operation to disrupt the Russian hackers group known as REvil, and the bureau did not want to tip them off.
The planned operation never took place because in mid-July REvil’s platform went offline without U.S. government intervention, and the hackers disappeared, according to the current and former officials, the Post reported.
Hundreds of businesses were partially affected by the FBI's delays.
"The decryptor key would have been nice three weeks before we got it, but we had already begun a complete restoration of our clients’ systems," said Joshua Justice, owner of the Maryland IT company JustTech, which had about 120 clients affected by the attack.
The FBI, without commenting on the specific case, said delays are inevitable when working with other U.S. agencies and international partners.
"In general," said an FBI official, "a lot of our cyber investigations focus on our interagency collaboration because that’s imperative to the success of any of our operations. Although this takes time, it also allows us to have the largest impact while helping the most victims or even potential victiims."
The REvil ransomware attack shut down JBS, the world's largest meat supplier, and affected the software provided by Kaseya, a Miami-based IT firm, infecting 54 of its clients.
Without the key to restore encrypted data to a readable state, victims were forced to try to retrieve backup copies of data or to replace their systems.
Kaseya Chief Executive Fred Voccola said in a video message the week following the attack that the company worked quickly to prevent the damage from spreading.
The FBI gave the key to Kaseya on July 21. Kaseya spokeswoman Dana Liedholm said she did not know how many of the firm’s 54 clients were able to use the key, but she noted that "many were able to restore [their systems] from backups."
REvil had demanded ransoms ranging from $45,000 to $5 million per infected device, depending on the size of the company. At one point, it demanded that Kaseya pay $70 million for a universal decryption key.
President Joe Biden said that he has told President Vladimir Putin that the United States will take "any necessary action" to stop cyberattacks from Russia.
But despite warnings from President Biden to Russian hackers that they cease their activities, this month REvil reappeared, the Post reported. It has rebuilt its platform and resumed its activity. As of Tuesday, it had logged at least eight new victims.
© 2021 Newsmax. All rights reserved.