The Federal Bureau of Investigation (FBI) had the keys to REvil’s ransomware as the cybercriminals were locking up company after company’s data and did not publicly share the keys.

What were they thinking? What were they protecting?

The Washington Post reports the FBI had secretly obtained the digital key to the Russia-based ransomware group, REvil, some three weeks prior to their distributing the key. When pressed at a recent congressional hearing, FBI Director Christopher Wray noted that the delay lay in the fact that the FBI was working jointly with other agencies and allies. He explained, “We make the decisions as a group, not unilaterally.” He continued, “These are complex . . . decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world.”

What Wray may have really been saying, without saying it, is that the FBI did not own the information that they had in their possession. The keys were, as noted, “secretly obtained”; by which agency or which ally is not revealed. The doctrine of third-party rule is that one is permitted to use the information to advance their own intelligence operations, which sources told the Washington Post was to take down REvil.

Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, notes in a September 21 New York Times op-ed, “America is being held for ransom. It needs to fight back.” He commended the two-prong approach of the Biden administration, diplomacy and expanded defensive capabilities. He also called for there to be an offensive capability, especially when it comes to the “most potent ransomware groups” operating out of Russia, North Korea, and Iran.
Alperovitch didn’t mince words in suggesting what America needs is “an aggressive campaign [that] would target the foundation of ransomware criminals’ operations: their personnel, infrastructure, and money.”

It appears the FBI was attempting to accomplish that which Alperovitch was suggesting needed to happen: targeting REvil’s personnel, infrastructure, and money.

The FBI takedown that didn’t happen

There is no argument that millions were paid in ransoms to the criminals and some companies had such a degradation of capability that their continued existence was at risk. As events unfolded, REvil took itself down on July 13, 2021, and thus the FBI operation against the criminal entity never materialized. Once REvil took itself out of the game, the table adjusted. If the FBI was not the entity who acquired the information via an offensive operation or a source, making the keys public would require a return to the originator of the intelligence to obtain a green light.

Third-party rule on intelligence

To this jaded eye, three weeks seems a rather long cycle for coordination, even if it included allies in different time zones, given the global nature of REvil’s efforts. That said, it is easy to tell others what to do and how to do it when one has no equity in the mix and without knowing the number of cooks in the kitchen, nor the sensitivity of the sourcing of the intelligence. To move unilaterally and precipitously by revealing the possession of the decryption key may have compromised the sources and methods that were used to obtain the key.
Therefore, it is impossible to say whether the FBI’s liaison office and legal attachés abroad were dragging their feet, or whether the coordination among nations and agencies moved amazingly fast given the complex relationships pertaining to source protection.

Universal decryptor for REvil available

The FBI did, eventually, provide the key to a number of cybersecurity companies, who were able to take the information and fold it into “decryptors” unlocking their clients’ data. More publicly, and of use for those who were victims of REvil and had neither a backup nor a cybersecurity provider helping them recover, on September 20 Bitdefender provided a “universal decryptor” that works on any REvil encrypted datasets pre-July 13, 2021. Bitdefender noted that the universal decryptor was able to be created as a result of the company’s collaboration with a “trusted law enforcement partner” (not further identified).

In sum, source and equity protection considerations within the international milieu of facing off against the criminal entities fomenting ransomware as a service will always be a gating factor when it comes to publicly revealing information clandestinely obtained.