The Kaseya ransomware attack: A timeline

REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.


Wednesday, September 22: Report claims FBI delayed sharing decryption key for three weeks over fears it would reveal secret attempts to disrupt REvil servers

A report by the Wall Street Journal alleged that the FBI had access to the Kaseya attack decryptor tool but delayed sharing it for three weeks. The FBI’s explanation was that, despite hundreds of victims struggling to deal with and recover from the attack, releasing the tool would have alerted REvil to the fact that the Bureau had secret access to its servers, which it was in the midst of trying to disrupt.

In the end, REvil went offline without FBI intervention, and the incident is a fitting reminder of common tradeoffs between law enforcement and helping victims of cybercrime. Testifying before Congress on September 21, FBI director Christopher A. Wray suggested the decision to delay was made in collaboration with allies and other agencies. “We make the decisions as a group, not unilaterally,” he said. “These are complex decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world.”

Monday, November 8: US arrests Ukrainian man suspected of carrying out Kaseya attack

The US Justice Department announced that Poland had arrested Ukrainian national Yaroslav Vasinskyi on suspicion of carrying out the attack against Kaseya. He, along with Russian national Yevgeniy Polyanin, is charged with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges. At the time of writing, Vasinskyi was being held in Poland pending US extradition proceedings while Polyanin remained at large. Law enforcement officials also seized more than $6 million in ransom payments as part of the operation.

Commenting in a statement on November 8, President Joe Biden said: “We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.”

Copyright © 2021 IDG Communications, Inc.
