Software vendor caught up in REvil ransomware attack obtains decryptor key

Kaseya is now helping to restore the devices of customers whose networks had still been locked down by REvil's software, it said.

“I can confirm we have received a decryptor and are currently working to support the customers impacted by the attack,” said Kaseya spokesperson Dana Liedholm. “We can't share the source but can say it is from a trusted third party.”

Liedholm declined to answer further questions about whether the decryptor key had been reverse-engineered from the REvil malware.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said his company had verified the effectiveness of the key at restoring victim data.

“We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers,” Callow told CNN.

Underscoring that point, Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, said that although he is not involved with the situation at Kaseya, he is confident the key should work.

“There are very limited circumstances where I've received a decryptor during a negotiation and found out it either won't work or found some major issue with it,” Schmitt said. “The percentage of cases or incidents where the decryptor just flat-out does not work is really, really low and is closer to zero than anything.”

The Kaseya attack has been called one of the largest ransomware attacks on record. On July 2, hackers affiliated with REvil — a cybercriminal gang believed to operate out of Eastern Europe or Russia — used Kaseya's remote management tools to deliver malicious software to Kaseya's customers that encrypted their data and locked them out.

It is still unclear how the attackers managed to gain access to Kaseya's product.

Many of Kaseya's customers are IT support companies that help small businesses such as dentists' offices, local restaurants and accounting firms with their information technology needs. When the support companies were hit, their own customers were also affected, prompting Kaseya to estimate later that as many as 1,500 businesses worldwide may have been compromised by the ransomware.

REvil issued an eye-popping $70 million ransom demand in exchange for a decryptor key that could unlock all of the affected devices at once. But even as some companies were still reeling from the attack, REvil vanished from the internet — with most of its websites going dark.

The group's mysterious disappearance last week has sparked speculation as to its fate. The US government has steadfastly declined to say whether it played a role, although the Biden administration has vowed to crack down on ransomware. And, in the case of Colonial Pipeline, US law enforcement officials were able to track and recover some of the funds the company paid to its ransomware attackers — a group known as DarkSide that has also since disappeared.