The U.S. House Committee on Oversight and Reform has requested a briefing with the Federal Bureau of Investigation (FBI) to determine whether it was justified in withholding the Kaseya ransomware decryption key.
The request came a week after it was reported that the FBI, in consultation with other agencies, chose to hold on to the decryption key as part of a planned effort to disrupt REvil, the Russian-based cybercriminal group behind the attack on Kaseya. However, the plan never worked because, in mid-July, both REvil’s platform and threat actors went offline.
By withholding the key, the U.S. House Committee says, it potentially cost the ransomware victims, including schools and hospitals, millions of dollars. The U.S. House Committee claims many businesses, schools, and hospitals lost time and money during the delay.
“We request information to understand the rationale behind the FBI’s decision to withhold this digital decryptor key and the agency’s approach to responding to ransomware attacks,” the letter says.
The decisions of law enforcement are easy to criticize in hindsight, says Oliver Tavakoli, CTO at Vectra, a San Jose, Calif.-based AI cybersecurity company. “While the FBI had the decryption keys, the plan to take down REvil infrastructure in an effort to head off future attacks had to be weighed against the desire to help victims of the Kaseya attacks. It’s easy to second-guess that decision since REvil appeared to dismantle elements of the infrastructure, and thus the law enforcement plan to take it down was thwarted. However, hindsight is always 20/20.”
John Bambenek, Principal Threat Hunter at Netenrich, a San Jose, Calif.-based digital IT and security operations company, adds, “In a free country, people and organizations have a general right to understand the decision-making of their government. While I generally agree with the decision of the FBI on this, everyone should understand how each organization will respond to these incidents so they can have fully-informed decision-making.”