The FBI and law-enforcement partners kept secret the “Sodinokibi” (aka REvil) ransomware decryption key for almost three weeks after the Kaseya ransomware supply-chain attack of mid-2021. They cited an intention to prevent the Sodinokibi group’s discovery of a takedown operation; media outlets argue that an earlier release of the decryption key could have saved many victims time and money in their data recovery. Leading up to its contentious decision to withhold the key, the FBI likely weighed the value of collecting intelligence about Sodinokibi―and disrupting the group―against the needs of some victims. The media has called the decision unjust in hindsight, but without knowing the law-enforcement agencies’ full intentions, the best choice of action remains elusive.
