externalities – WindowsTechs.com

FBI Had the REvil Decryption Key

Posted on September 22, 2021 by Bruce Schneier

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation.

The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared…

Continue reading FBI Had the REvil Decryption Key→

The Misaligned Incentives for Cloud Security

Posted on May 28, 2021 by Bruce Schneier

Russia’s Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians’ success wa… Continue reading The Misaligned Incentives for Cloud Security→

The Cost of Cyberattacks Is Less than You Might Think

Posted on September 29, 2016 by Bruce Schneier

Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security best practices. Because adoption of… Continue reading The Cost of Cyberattacks Is Less than You Might Think→