FBI withheld "skeleton key" for Kaseya malware

After REvil attacked Kaseya, the FBI managed to exfiltrate the master key to decrypt all of Kaseya’s customers’ systems… But they withheld the key for 3 weeks, until REvil disappeared, then they finally handed the key over to Kaseya.

Thousands of affected businesses had spent millions in the meantime trying to recover their systems or pay the ransom for an individual key. Talk about being irresponsible.

The FBI had managed to infiltrate REvil and didn’t want to give the game away, so they sat on the keys and watched thousands of businesses struggle, because they were considering an attack on REvil, which never took place.

(German language article on heise.de, the original story was in the WaPo, but I don’t have a sub there to get to the article.)
Kaseya attack: FBI withheld master key for weeks | heise online

The story broke just before Security Now, but I did bring it up with Steve and we discussed it briefly just before the third ad.

I likened it to the British cracking Enigma during WWII. It’s tough to use the information you glean from such a discovery without signalling the adversary that you’ve deciphered their messages. Nevertheless, I have to think it’s pretty frustrating for the companies that paid REvil in that three week period.


I look forward to listening to it. I’m backed up here. Still going through iOS Today, then MBW, then SN…

Off to the rowing machine after I finish work, so some time to listen and catch up then.