Legislators say they have received little information from the FBI about a recent ransomware investigation, with senior officials providing few answers about decisions that cost US companies millions of dollars and produced questionable results.

During a House Oversight and Reform Committee hearing on ransomware on November 16, the FBI was questioned about its handling of the July ransomware attack against the US IT company Kaseya, in which hackers from the ransomware group REvil exploited a vulnerability in Kaseya’s software to exfiltrate data from around 1,500 US companies, schools, hospitals and other institutions.

It was revealed in September that the FBI had received a decryption key in July that would have enabled hundreds of victims to access their data, but agents withheld the key because they did not want to give REvil any indication of a planned major law enforcement action.

The FBI never got a chance to conduct its planned operation against REvil as the group went offline in late July.

The FBI has come under scrutiny from Congress for its handling of the failed operation, which allegedly cost companies millions in recovering their data. Some companies rebuilt their systems or restored their data from backups, while others were temporarily shut down during the incident.

However, the FBI has apparently remained silent on the matter with Congress.

At the House Oversight and Reform Committee’s ransomware hearing on November 16, Rep. James Comer (R-Ky.), the senior Republican on the committee, criticized the bureau for its lack of transparency on the issue.

“In September the chairwoman and I asked [FBI] director [Christopher] Wray for a briefing on the FBI’s decisions. We never received that briefing,” Comer said, turning his anger on Bryan Vorndran, the FBI’s assistant director of cyber. “Please advise Director Wray that we are awaiting a briefing if the oversight committee requests a briefing.”

Comer questioned Vorndran about the FBI’s decisions on the Kaseya investigation. Vorndran was guarded but indicated that agents tested the decryption key to make sure it was secure and effective.

“These decryption keys were developed and encoded by criminals in the safe haven,” he said. “We tested the decryption key in different environments so that we know that it does not create any new vulnerabilities.”

Vorndran declined to answer Comer’s question about how much money the FBI’s decision to withhold the decryption key for weeks in July might have cost companies. Comer, in turn, criticized the FBI and other government bureaucracies for failing to take into account the economic damage their law enforcement operations can do to US victims.

“We have to take into account the hundreds of millions of dollars the FBI costs in getting out of it [promptly providing REvil victims with the decryptor key],” said Comer.

The House Oversight and Reform Committee is not the only congressional body pressing for answers about the Kaseya attack. FBI Director Wray was similarly closed off during a Senate Homeland Security Committee hearing in September.

Wray cited an ongoing investigation as the reason he couldn’t say much on the matter. He also declined to identify any other authorities involved in responding to the attack on Kaseya.

“This committee deserves a full account of the FBI’s cyber activities, including cyber activities,” said Senator Gary Peters (D-Mich.), the highest-ranking Democrat on the committee, at the hearing. “And I would hope that you could undertake to give this committee a full briefing on this and other operations.”

Wray was non-committal at the time, but said he would do his best to make sure the FBI “provides all the information we can”. He said it would likely have to be done in a closed public hearing.

Meanwhile, the Justice Department announced on November 8th that it had indicted two REvil affiliates in connection with the Kaseya ransomware attack and had also collected $6 million in ransom payments. Ukrainian citizen Jaroslaw Vasinskyj, 22, is being held in Poland pending US extradition proceedings, while Russian citizen Yevgeny Polyanin, 28, remains at large.

Authorities in Romania also arrested two suspected REvil partners on November 4, and another REvil affiliate was arrested in Kuwait on the same day.

Wray and Attorney General Merrick Garland described the arrests as a major law enforcement and collaboration victory, although some questioned the arrests’ impact on ransomware gangs.

“If this were a drug downturn, we’d say they have the street vendors – not the Kingpins,” former NSA General Counsel Stewart Baker said on the November 15 Cyberlaw podcast.


Ken Silva covers national security issues for The Epoch Times. His background as a reporter also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us

