Kaseya deploys ransomware decryption key to victims of REvil attack

Kaseya, the information technology company whose software was abused to deliver REvil ransomware to its customers, announced this month that it had obtained a universal decryption key to restore infected systems.

Approximately three weeks after the catastrophic supply chain attack, Kaseya said Thursday that it had recently obtained a decryption key and used it successfully to restore affected customer systems.

“We have a team where Kaseya gets the tools from a third party and actively helps ransomware-affected customers restore their environment, and we haven’t reported any decryption-related issues or issues,” Kaseya said in a statement on its website. The company worked with Emsisoft, a New Zealand-based antivirus company that specializes in helping victims recover from ransomware attacks.

Kaseya did not provide details about the origin of the decryption key. A spokesperson for the Florida software company told reporters that the key came from a “trusted third party,” but did not specify any further.

“We are working with Kaseya to support customer engagement efforts,” Emsisoft said in a statement, confirming that the key works to unlock victims of the large-scale ransomware attack.

Until recently, REvil existed as a ransomware-as-a-service operation. The developers of REvil licensed their custom malware to affiliates in exchange for a cut of the ransoms received from victims.

In addition to holding data hostage, REvil’s attackers could also steal sensitive material from victims and disclose it online if they did not pay the requested amount.

Kaseya announced on July 3 that it was the victim of an “advanced cyberattack” in which its remote access software was hacked and used to attack customers with REvil ransomware.

According to Kaseya, up to 1,000 companies were affected by the attack, among them Swedish supermarket chain Coop, which had to close hundreds of stores for several days.

Victims of the attack were told by the perpetrators to pay a ransom to regain access to affected systems, and REvil-related websites later offered to sell the master decryption key for $70 million.

However, on July 13, REvil disappeared as all known websites and online infrastructure related to the gang went offline, leaving victims who wanted to pay unable to contact the perpetrators.

It was unclear whether Kaseya bought the master key from the ransomware gang or obtained it otherwise.

“We can’t share sources, but we can say that they come from a trusted third party,” Kaseya spokeswoman Dana Liedholm told reporters.

The White House says REvil was probably based in Russia. President Biden warned Russian President Vladimir Putin to curb ransomware attacks from his country a few days before REvil disappeared.

The FBI advises ransomware victims not to pay.
