Why did the FBI hide a key to a devastating ransomware attack?

Protocol Enterprise

Good morning, and welcome to Protocol | Enterprise, your comprehensive roundup of everything you need to know about cloud and enterprise software. This Thursday: why the FBI let ransomware victims twist in the wind, the next big AI startup IPO, and the absurdity of Dreamforce.


The Big Story

Cops and robbers

Ransomware is one of the most pressing problems of our day, with the potential to affect almost any business operating on the internet. Creative approaches will be needed to solve this problem, but the FBI's response to the July Kaseya attack bears scrutiny.

FBI investigators obtained but didn't disclose decryption keys for the malware that earlier this year infected software built and sold by Kaseya, the Washington Post reported this week. The agency reportedly sat on those keys for several weeks, despite the fact that as many as 1,200 businesses and organizations were scrambling to stay in business after their critical data was encrypted by a hacker group known as REvil.

  • Remember that this attack was particularly pernicious because Kaseya's software is used by smaller consulting companies to help their own clients manage IT assets, the latest supply-chain attack to have an outsized impact beyond its original target.

Why didn't the FBI come forward? It wanted to bust down some digital doors: Investigators didn't disclose that they had obtained the key because they were worried about alerting REvil before they could execute some sort of "operation" against the group, according to the Post.

  • However, the group shut down its online presence on July 13, before the FBI could execute whatever operation it had in mind, just about two weeks after REvil first launched the attack.
  • The FBI then sat on the decryption key for another week before it shared the key with Kaseya, saying it needed time to develop a tool for widespread use.
  • It does take some work to turn a decryption key into a reliable tool that can be used to recover files, but one security company working for Kaseya told the Post it was able to generate such a tool in 10 minutes, not days. After some testing, Kaseya promptly released that tool.

In the end, the FBI accomplished nothing. REvil lives to attack the next unsuspecting group using the next vector to surface, and businesses spent hundreds of millions of dollars (by the Post's estimates) trying to recover their data before the decryption tool was released.

But here's the "to be fair" section. Ransomware is a troubling problem that crosses national boundaries and is almost impossible to prevent with conventional law-enforcement techniques.

  • And the problem is spiraling: VMware disclosed a critical vulnerability in its widely used vCenter software this week that could allow attackers to encrypt business-critical servers if they are able to gain access to a company's network.
  • While VMware customers are typically large corporations with the resources to deal with a ransomware situation, others — such as the NEW Cooperative farmers' network — are not in the same position.
  • Federal agencies are under pressure to solve these problems after REvil attacked a meat producer and a different attack shut down a major East Coast gas pipeline for several days.

Still, it feels like the FBI got this wrong. Allowing American businesses to suffer the effects of ransomware attacks for which the country's top law-enforcement agency has a fix just seems like the wrong way to go.

  • Ransomware attacks proliferate because they are profitable; faster and easier ways to decrypt files help remove the pressure on businesses to pay up to get back in business.
  • "I had grown individuals crying to me in person and over the phone asking if their business was going to continue," Joshua Justice, owner and operator of an IT management firm called JustTech, told the Post. That's not a great look for the FBI.
  • And in any event, ransomware groups know they are already under scrutiny by dozens of public and private security companies tracking their moves across the internet.
  • That's one reason why the FBI and other agencies shouldn't hesitate to take direct action against ransomware groups, Crowdstrike co-founder Dmitri Alperovitch argued in an opinion piece for The New York Times this week.

Businesses are already hesitant to report ransomware attacks to law-enforcement authorities. How are they going to react knowing their government let them twist in the wind?

— Tom Krazit



This Week On Protocol

IoT IPO: Samsara could be the next big AI IPO later this year as it sees increasing demand for technology that helps companies manage moving parts, such as fleets of commercial vehicles, through sensors and software. Protocol's Joe Williams talked to CEO Sanjit Biswas about the future of the industrial internet and how Samsara bounced back from a pandemic-related setback.

ERGs vs. HR: Employee-resource groups have been extremely valuable helping underrepresented people inside tech companies have their voices heard against the homogenous crowds. But as Protocol's Megan Rose Dickey reported, those groups often lack power and are marginalized by corporate priorities and skeptics of labor organizations.

D.C. OMG: Not content with sniping at each other during every enterprise software bidding process, Google and Microsoft exchanged blows this week using the mightiest of weapons: D.C. lobbyists. Protocol's Ben Brody broke down why Google is complaining that Microsoft's hold on the public-sector office productivity software market is bad (hint: it's about money).

Around the Enterprise

  • Freshworks raised $1 billion in an IPO on Wednesday that saw its Salesforce-adjacent business valued at around $14 billion at the end of its first trading day.
  • Nutanix rolled out several new features that help companies bring cloud-like software management techniques to their own data centers while also using public cloud services.
  • How Chinese is a Chinese supercomputer? The nation's supercomputers are a regular on the Top500 lists, but those efforts depend on technology from around the world. The Next Platform outlined what it would take for China to become "compute independent."
  • Google released new details on its quantum-computing research and how it has found ways to reduce the number of errors made by those futuristic machines, which will be key if they are ever to be used at scale for enterprise computing.
  • How does Amazon run? Bloomberg looked at how the company uses software built on top of AWS to keep its (mostly) automated fulfillment centers going.
  • Repeat after me: The cloud is complicated. We've written a lot about the disproportionate response to cloud outages from people who don't understand the complexity involved, but Gartner's Lydia Leong really drove the point home in this essay.
  • Stop reading now if you don't want to feel old. The Verge highlighted how students in computer science classes have no frame of reference for "folders" thanks to fast and accurate search technology. See also: Why is the "save" icon still a floppy disk?
  • Dreamforce is a weird conference. And as only it can, The Register summed up Day One of Salesforce's enterprise software event that is only kinda sorta about enterprise software.



Thanks for reading — see you Monday!
