FBI director pressed on agency reportedly withholding Kaseya decryption key

The FBI allegedly withheld for almost three weeks a decryption key that could have helped groups crippled by the massive ransomware attack on IT group Kaseya earlier this year unlock their networks.

The allegations: The Washington Post reported on Tuesday that the FBI and other federal agencies made the decision to not give Kaseya the key while it pursued an operation to knock REvil, the cybercriminal group behind the attack, offline. Websites used by REvil went dark prior to the FBI’s planned operation.

The ransomware attack on Kaseya, which took place just before the Fourth of July weekend, impacted up to 1,500 groups. Kaseya chose not to pay the ransom demanded by the hackers, and instead used a decryption key that the company said it had received from a “trusted third party” weeks after the attack.

The FBI declined to comment on the report to The Hill.

Wray weighs in: FBI Director Christopher Wray was questioned about the decision during a Senate Homeland Security and Governmental Affairs Committee hearing Tuesday, with Wray avoiding giving details on the decision due to the ongoing investigation into the incident.

“When it comes to the issue of encryption keys or decryption keys, there is a lot of testing and validating that is required to make sure that they are going to actually do what they are supposed to do, and there is a lot of engineering that is required to develop a tool that is required to put the tool in use,” Wray testified. “Sometimes we have to make calculations about how best to help the most people, because maximizing impact is always the goal.”

Beyond cybersecurity concerns, Wray testified that the FBI’s domestic terrorism caseload had “exploded” since 2020, and noted that social media was a major part of the problem.

Wray made these comments as part of a larger hearing on threats to the homeland alongside officials including Homeland Security Secretary Alejandro Mayorkas on Tuesday, which also included testimony on other cyber concerns and on border security issues.