Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot
2021-09-28 06:17

FBI accused of withholding ransomware key as part of REvil probe.

The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.

"The decryptor key would have been nice three weeks before we got it, but we had already begun a complete restoration of our clients' systems," Joshua Justice, owner of the Maryland IT company JustTech, which had about 120 clients hit by the extortionware, told the Washington Post.

The Post claimed "several current and former US officials" had confirmed the agency had the key but didn't hand it over to businesses for three weeks so the criminals would not be tipped off while agents prepared a raid.

The 75-year-old is accused of setting up improvised explosive devices and leaving them outside AT&T and Verizon stores as well as leaving threatening letters by cell towers.

At least some of the credentials are said to still work: the leaked collection contains 498,908 username-password pairs for 12,856 Fortinet VPN SSL boxes, 2,959 of which have IP addresses that suggest they are in the US. Someone has helpfully compiled a list of IP addresses of devices in the credential dump, in case you want to see if your Fortinet equipment is caught up in the leak, following a report by Bleeping Computer.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/28/in_brief_security/