The Washington Post is reporting that the FBI had access to a decryption key for the Kaseya attack which they delayed sharing of for three weeks. Why? They were trying to launch an operation to disrupt REvil, but the plan was thwarted by REvil taking themselves offline.
Why do we care?
I’m going to offer a perspective here. It’s not the FBI’s job to protect businesses, nor to help them with recovery. It’s the FBI’s job to investigate and find criminals and bring them to justice.
I’ve seen some commentary on this story that implies the FBI made a bad call, or further hurt those businesses impacted. That’s not their job. It’s the Federal Bureau of Investigation, not Bureau of Data Recovery.
Don’t go looking for blame here. The recovery plan is not to have law enforcement help a customer.