Kaseya is at this time helping to restore the devices of consumers whose networks had been nevertheless locked down by REvil’s computer software, it claimed.
“I can verify we have received a decryptor and are at the moment doing the job to support the shoppers impacted by the assault,” reported Kaseya spokesperson Dana Liedholm. “We won’t be able to share the resource but can say it is really from a trusted 3rd bash.”
Liedholm declined to remedy further more inquiries about no matter whether the decryptor important experienced been reverse-engineered from the REvil malware.
Brett Callow, a risk analyst at the cybersecurity organization Emsisoft, claimed his firm experienced verified the usefulness of the critical at restoring target knowledge.
“We are doing the job with Kaseya to assist their shopper engagement attempts. We have confirmed the important is successful at unlocking victims and will go on to give assist to Kaseya and its shoppers,” Callow explained to CNN.
Underscoring that issue, Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, reported that even though he is not associated with the situation at Kaseya, he is confident the key should really do the job.
“There are extremely constrained circumstances the place I’ve obtained a decryptor during a negotiation and identified out it both won’t perform or uncovered some major challenge with it,” Schmitt mentioned. “The share of cases or incidents where by the decryptor just flat-out does not perform is definitely, genuinely very low and is nearer to zero than everything.”
It is still unclear how the attackers managed to achieve entry to Kaseya’s product or service.