For three weeks during the REvil ransomeware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses.
The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post.
Instead, REvil went dark on July 13 before the FBI could step in. For reasons that haven’t been explained, the FBI didn’t cough up the key until July 21.