The Kaseya ransomware attack, which occurred in July and affected as many as 1,500 companies worldwide, was a big, destructive mess—one of the largest and most unwieldy of its kind in recent memory. But new information shows the FBI could have lightened the blow victims suffered but chose not to.
A new report from the Washington Post shows that, shortly after the attack, the FBI came into possession of a decryption key that could unlock victims’ data—thus allowing them to get their businesses back up and running. However, instead of sharing it with them or Kaseya, the IT firm targeted by the attack, the bureau kept it a secret for approximately three weeks.
The feds reportedly did this because they were planning an operation to “disrupt” the hacker gang behind the attack—the Russia-based ransomware provider REvil—and didn’t want to tip their hand. However, before the FBI could put its plan into action, the gang mysteriously disappeared. The bureau finally shared the decryption key with Kaseya on July 21—about a week after the gang had vanished.