The FBI and law-enforcement partners kept secret the “Sodinokibi” (aka REvil) ransomware decryption key for almost three weeks after the Kaseya ransomware supply-chain attack of mid-2021. They cited an intention to prevent the Sodinokibi group’s discovery of a takedown operation; media outlets argue that an earlier release of the decryption key could have saved many victims time and money in their data recovery. Leading up to its contentious decision to withhold the key, the FBI likely weighed the value of collecting intelligence about Sodinokibi, and disrupting the group, against the needs of some victims. The media has called the decision unjust in hindsight, but without knowing the law-enforcement agencies’ full intentions, the best choice of action remains elusive.