US wants answers over FBI delay in helping Kaseya ransomware victims

News
By published

Bipartisan criticism grows over FBI’s actions following REvil ransomware attack

FBI headquarters on Pennsylvania avenue sign with traffic reflections at night
(Image credit: Shutterstock)

The US House Committee on Oversight and Reform has insisted on answers from the FBI over its three-week delay in providing decryption keys to businesses attacked by REvil ransomware.

"To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a statement.

CISA, FBI, and NSA issue a Conti ransomware advisory CISA and FBI release holiday ransomware alert FBI still frowns on ransomware payments FBI partners with 'Have I Been Pwned' on breached password database

In a letter addressed to FBI Director Chris Wray, Committee Chairwoman Carolyn Maloney and ranking member Rep. James Comer said that the FBI withheld this tool for nearly three weeks as it worked to disrupt the attack, potentially costing the ransomware victims — including schools and hospitals — millions of dollars.

“Earlier this summer, a Florida-based software company was the victim of a ransomware attack that compromised between 800 and 1,500 businesses around the world,” the committee heads said.

"Congress must be fully informed whether the FBI's strategy and actions are adequately and appropriately addressing this damaging trend,” they said.

“Ransomware hackers have shown their willingness and ability to inflict damage on various sectors of the US economy. Congress must be fully informed whether the FBI's strategy and actions are adequately and appropriately addressing this damaging trend."

The FBI obtained the decryption keys by accessing servers of the Russian-based hackers involved in the attacks this July, according to the Washington Post. The FBI held the keys as part of an operation to disrupt the hackers and did not want to alert them of it. However, before the FBI had a chance to mount a counterattack, REvil’s platform went offline.

In his testimony in front of Congress last week, Director Wray blamed the delay on other law enforcement agencies who asked the FBI not to disseminate the keys. He added there were limits to what he could say because investigations are ongoing.

“We make the decisions as a group, not unilaterally,” he said. Wray added that there are “complex… decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world."

Congress demanded a response from the FBI over the allegations by October 6.

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.

More about ransomware
A hand on a keyboard in a dark room

Alleged LockBit developer extradited to the US
Ransomware concept image showing digitized padlock pictured on a laptop screen on red background

February was the worst month on record for ransomware attacks – and one threat group had a field day
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.

Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
See more latest
Most Popular
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.
Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle
UK cloud infrastructure set for boost amid $5 billion Oracle investment
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.
Cisco unveils new agentic AI tools to improve customer and employee experience
Thomas Kurian, CEO at Google Cloud, sat next to Demis Hassabis, CEO at Google DeepMind, Mark Read, CEO at WPP, and Allison Kirkby, CEO at BT Group, at the Gemini for the United Kingdom live event held at the Google DeepMind HQ in London.
Google Cloud announces UK data residency for agentic AI services
A hand on a keyboard in a dark room
Alleged LockBit developer extradited to the US
Github logo on a laptop computer arranged in the Brooklyn borough of New York, US, on Friday, March 31, 2023
Organizations urged to act fast after GitHub Action supply chain attack
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks