We use cookies to provide some features and experiences in QOSHE

More information  .  Close
Aa Aa Aa
- A +

Congress Questions FBI’s Tight-Lipped Ransomware Tactics

1 6 0
25.09.2021

It's a dilemma that has long plagued the intelligence community: should it share cybersecurity intelligence to help protect U.S. companies, or should it withhold that information and use it for the FBI and intelligence community’s benefit instead?

The FBI’s answer in a recent case was to secretly hoard the information that would help the victims recover.

The FBI’s decision to keep a decryption key secret from the victims, a decision The Washington Post first reported, has raised questions in the cybersecurity community about whether the FBI made the right call—and whether the government has an obligation to help ransomware victims.

The FBI was withholding the decryption tool, which could help unlock victim computers and boot out the ransomware, because the FBI had plans to target and disrupt a Russian gang that hit hundreds of targets in July. Law enforcement officials had smuggled the decryption key from the ransomware gang’s servers, and using it to help victims would have spilled the beans on the FBI’s plot.

But the FBI’s plan was foiled when the hacking gang, known as REvil, went dark and disappeared from the internet, seemingly in retreat. Without a need to disrupt the gang anymore, the FBI shared the decryption key in the end with Kaseya, the IT management software company that was the original target of the ransomware gang.

Kaseya told The Daily Beast the FBI’s work on the matter was welcome.

“We are grateful for the support we were given by the FBI,” a spokesperson for Kaseya, Dana Liedholm, said.

This latest incident is raising red flags, however, across the government about whether the FBI should be allowed to hoard decryption tools at the expense of victims—and under what circumstances.

“If these reports are true, it’s inexcusable for the FBI to leave thousands of companies struggling to reconstitute their systems on their own,” Rep. Jim Langevin (D-RI), co-chair of the Congressional Cybersecurity Caucus, told The Daily Beast. “We already have a process for balancing the need to bring hackers to justice and helping victims of cybercrime.”

Langevin said President Joe Biden’s top cyber adviser, the White House National Cyber Director (NCD) Chris Inglis, ought to be at the helm managing these decisions. “But I think we need to reexamine it and incorporate [the National Cyber Director] to ensure we are properly weighing all relevant factors before withholding decryption keys or similar defensive measures,” he said.

Balancing whether to help U.S. companies or keep........

© The Daily Beast


Get it on Google Play