FBI had the decryption key for REvil ransomware but did not tell anyone

It's a strategic asset until you release it.

Exactly.

The original plaint is yet another that does not realize that there is "the long game" to be considered. Not releasing that key is directly parallel to not immediately releasing information on every security weakness that gets uncovered the moment it gets uncovered. An attack surface can remain undetected (and many have) until a patch for it is released. Notifying the world about ways to attack when no defenses as yet exist is not, repeat not, generally a good move.

Though security by obscurity is never a permanent solution, it's good practice while solutions to things that are not yet public knowledge are being formulated and then implemented.
 
Not good optics for the FBI even if they had a legitimate reason to withhold the key in the early days of the investigation. At some point either days or weeks later they should have offered the victims some help in recovering their files.
 
Back in World War II....when the US "captured" the German ENIGMA coding machine (used to cloak communications)...we didn't let the Germans know....else, they'd just have changed their coding method.
 
Not good optics for the FBI even if they had a legitimate reason to withhold the key in the early days of the investigation. At some point either days or weeks later they should have offered the victims some help in recovering their files.

I'm sorry but this is short-sighted. The key can simply be rotated, and would have been. The release of the key into the general public would have served no one... save perhaps the lucky few right when the release happened.

Besides... One becomes immune to long term crypto damage with a proper backup solution. I'm not a huge fan of the FBI enabling bad behavior and poor investment.
 
One becomes immune to long term crypto damage with a proper backup solution.

And I'm no longer sorry that those who don't have a proper backup solution eventually get burned. I did myself, many years ago, and that was enough. And at that time ransomware did not even exist.

Having a proper backup solution is a very basic part of computer (and smartphone, for that matter) use and it has been discussed and discussed and discussed in the tech and general press.

You can lead a horse to water . . . At this point, it is willful stupidity, it can't be ignorance for the vast majority of computer users, not to have a backup protocol if they value their own data.
 
@britechguy The larger problem with the cryptos... Let's say you pay the ransom.

How do you know the bug is gone? You've just qualified yourself as a good mark... and even if you do your diligence and get a recovery plan in place, with proper backups...

Well, these people are smart enough to leave the bomb on your network for up to a year before it goes off... so even if you have backups, you cannot trust them!

To ensure a clean network you have to format everything, restore only files... rebuild all configurations manually and when you're done? A single employee clicking on the wrong link undoes all that work...

The ONLY way out is to convince people and enterprises to STOP PAYING THE RANSOM. I don't care how expensive it is for you now... or in the long term. For all of us, paying that ransom grows an industry that will only continue to inflict more damage.

But yeah, without a solid backup you've got nothing to rebuild with. But even that isn't good enough...

Ever formatted and rebuilt an entire network from scratch? While in a mad panic? I have... once... it's a life experience I'd rather not go through again. Though I will admit, it does lovely things for the wallet.

Forensic analysis of a server image to find and disarm the bomb isn't easy... and annoyingly failure prone... This entire situation is terrible... simply terrible.
 
One becomes immune to long term crypto damage with a proper backup solution

With the word "proper" being the key. Meaning not merely having a current backup. You have to make sure that backup is not accessible to the compromised system. My local city hall had a critical system encrypted by ransomware. Fortunately I was able to easily recover from the ShadowProtect backup on the password protected NAS server. The password to the NAS is only stored in the backup software. But what if a drive was mapped to the NAS or the password remembered in Windows? Could the ransomware encrypt the backups? And just in case the password is compromised, make sure you have some form of snapshot and/or offsite replication of the NAS. It would be really sad to have current backups only to realize that was encrypted too.
 
@YeOldeStonecat We didn't crack Enigma... the British did... specifically the father of computing, Alan Turing.

Then after making a huge impact on the world, he was convicted of "indecency" only for him to kill himself a couple years later. 41 years old... I wonder how much better our computers would be today if the world hadn't mistreated him so much he killed himself. Why? Because he was gay...

But yes, the UK's government did indeed hide the fact they had the ability to read German materials... Something the UK kept so secret they didn't even tell the US: https://www.theguardian.com/science...-game-alan-turing-us-intelligence-ian-fleming

World War II history is fun...
 
With the word "proper" being the key. Meaning not merely having a current backup. You have to make sure that backup is not accessible to the compromised system. My local city hall had a critical system encrypted by ransomware. Fortunately I was able to easily recover from the ShadowProtect backup on the password protected NAS server. The password to the NAS is only stored in the backup software. But what if a drive was mapped to the NAS or the password remembered in Windows? Could the ransomware encrypt the backups? And just in case the password is compromised, make sure you have some form of snapshot and/or offsite replication of the NAS. It would be really sad to have current backups only to realize that was encrypted too.

Yep!
 
It would be really sad to have current backups only to realize that was encrypted too.

Home user, business user, any user in any setting needs to know, in the age of ransomware, that the only two times backup media is actually connected to the systems being backed up is when the backup is being taken, or when the restore is being done. It's offline/physically disconnected at all other times. (And how that "disconnect" is accomplished can and does vary, but "you can't get there from here" except in the two previously stated situations is paramount.)

This means, of course, that for most home and very small business users doing backups becomes a largely manual process, but that requires trivial effort.
 
@britechguy You can fix this, but you need versioned storage.

A backup solution that stores the credentials to a NAS internally is vastly safer than a usual mapped drive. But that NAS has to go the step further to sync its contents off to a versioned storage elsewhere. Then if you really want to be safe, you have your manually synchronized offline copy.

This isn't just about maintaining the data's integrity, it's about having a plan in place to survive the loss of all of your computers while the tech rebuilds everything. It's literally a race, how quickly can your technical asset completely redeploy your entire reality? He'd better be a master of automation or you're down, and that down is far more expensive than the actual work of rebuilding.

Manual backups work, but they inject time into the restore process, and that delay alone can cost enough to cause bankruptcy.
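The versioned-storage point made in the last few posts (a backup the compromised host can reach and overwrite is not a backup; older snapshots must survive a newer, poisoned one) can be shown in a few dozen lines. The following is an added example, not code from anyone in this thread or from any backup product mentioned here. It assumes a hypothetical append-only store (content-addressed blobs plus one manifest per snapshot), a constructed sample data set, and a constructed stand-in for ransomware that overwrites and renames every file. In a real deployment the store would live where the protected host holds no write credentials (a pull-based backup server, object storage with retention lock, or a NAS snapshot the client account cannot delete); the directory here only illustrates the data model.

```python
"""Added example: append-only, versioned backup store with a mass-change check.
Not from the thread; layout, names and sample data are hypothetical."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class VersionedStore:
    """Content-addressed blobs + one JSON manifest per snapshot.
    snapshot() only ever adds files; nothing is overwritten or deleted."""

    def __init__(self, root):
        self.root = Path(root)
        self.blobs = self.root / "blobs"
        self.manifests = self.root / "snapshots"
        self.blobs.mkdir(parents=True, exist_ok=True)
        self.manifests.mkdir(parents=True, exist_ok=True)

    def snapshots(self):
        return sorted(p.stem for p in self.manifests.glob("*.json"))

    def snapshot(self, source):
        """Pull every file under `source` into a new, never-modified snapshot."""
        source = Path(source)
        manifest = {}
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            digest = sha256_file(path)
            blob = self.blobs / digest
            if not blob.exists():  # identical content is stored once
                shutil.copyfile(path, blob)
            manifest[path.relative_to(source).as_posix()] = digest
        label = f"{len(self.snapshots()) + 1:04d}"
        (self.manifests / f"{label}.json").write_text(
            json.dumps(manifest, indent=1, sort_keys=True))
        return label

    def load(self, label):
        return json.loads((self.manifests / f"{label}.json").read_text())

    def change_ratio(self, old_label, new_label):
        """Fraction of files in the old snapshot that are gone or altered."""
        old, new = self.load(old_label), self.load(new_label)
        if not old:
            return 0.0
        changed = sum(1 for rel, d in old.items() if new.get(rel) != d)
        return changed / len(old)

    def restore(self, label, dest):
        dest = Path(dest)
        count = 0
        for rel, digest in self.load(label).items():
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(self.blobs / digest, target)
            count += 1
        return count


def simulate_ransomware(source):
    """Constructed stand-in for the 'bomb': overwrite every file with random
    bytes and rename it, as in-place encrypting ransomware does."""
    for path in list(Path(source).rglob("*")):
        if path.is_file():
            path.write_bytes(os.urandom(path.stat().st_size))
            path.rename(path.with_suffix(path.suffix + ".locked"))


def run_demo(mass_change_threshold=0.5):
    """Constructed sample data; returns what a monitoring job would act on."""
    work = Path(tempfile.mkdtemp())
    src, store_dir, rest = work / "src", work / "store", work / "restore"
    (src / "finance").mkdir(parents=True)
    originals = {"finance/ledger.csv": b"date,amount\n2021-07-02,100\n",
                 "notes.txt": b"rotate NAS password quarterly\n"}
    for rel, data in originals.items():
        (src / rel).write_bytes(data)

    store = VersionedStore(store_dir)
    good = store.snapshot(src)       # 0001: clean
    same = store.snapshot(src)       # 0002: unchanged, adds no blobs
    simulate_ransomware(src)
    bad = store.snapshot(src)        # 0003: every file replaced; 0001 untouched

    store.restore(good, rest)
    result = {
        "ratio_clean": store.change_ratio(good, same),
        "ratio_after_attack": store.change_ratio(good, bad),
        "flagged": store.change_ratio(good, bad) >= mass_change_threshold,
        "blob_count": len(list(store.blobs.iterdir())),
        "restored_ok": all((rest / r).read_bytes() == d for r, d in originals.items()),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

The change ratio between consecutive snapshots is the cheap alarm: a clean run scores 0.0, the poisoned run scores 1.0, and a backup job that sees most of a tree replaced in one interval should page someone rather than quietly age out the last good snapshot. The restore from the first manifest still returns the original bytes because the attack could only add a new snapshot, never rewrite an old blob.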
 
@YeOldeStonecat We didn't crack Enigma... the British did...

Well, yeah, "Allies/good guys...the Brits"...captured the German U-Boat in the Atlantic..and got their hands on the Enigma machine. But point being, something thought to be still secret...had been obtained by the opposing force, and that capture was kept secret so the bad guys still felt safe and kept using it.
 