FBI withheld ransomware decryption key for 19 days from hospitals & more to target hackers

The FBI had the decryption key to unlock hundreds of hospitals' and businesses' IT systems held hostage by REvil's ransomware attacks, but chose not to release it because it planned to carry out an operation against the hacker group, according to a Sept. 21 report by The Washington Post.

Seven things to know:

  1. The FBI obtained the key by accessing REvil's servers. Deploying the key could have aided patients and avoided millions of dollars in recovery costs, according to estimates by analysts reported by the Post.

  2. The FBI refrained from giving out the decryption key because it didn't want to tip off REvil. A federal assessment also found the harm from the attacks was not as severe as initially feared, according to the report.

  3. Before the FBI could launch an attack on REvil, the hacker group disappeared. After nearly three weeks, the FBI shared the decryption key with victims like IT company Kaseya, according to the report.

  4. During Kaseya's July ransomware attack, 54 of its clients were affected. Most clients were managed service providers with hundreds of customers that were using Kaseya's software. Kaseya estimates that between 800 and 1,500 businesses were affected in the attack.

  5. REvil demanded $70 million from Kaseya for a universal decryption key. The hacker group also demanded ransom payments ranging from $45,000 to $5 million per infected device, depending on the size of the company, according to the report.

  6. The FBI didn't comment on this specific case, but an FBI official said delays are inevitable when working with American and international partners. The official also said that the FBI must be cautious about what it provides to victims: any solution would have to be thoroughly tested to minimize risks.

    "Although this takes time, it also allows us to have the largest impact while helping the most victims or even potential victims," an FBI official told the Post.

  7. REvil reappeared in September and resumed hacking activities. It has already claimed eight new victims since reemerging, the report said.

Copyright © 2021 Becker's Healthcare. All Rights Reserved.