Kaseya gets universal decryptor for REvil ransomware attack victims
Latest in cybersecurity.
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free.
On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses.
After the attack, the threat actors demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim’s network.
Soon after, the REvil ransomware gang mysteriously disappeared, and the threat actors shut down their payment sites and infrastructure.
While most victims were not paying, the gang’s disappearance prevented companies who may have needed to purchase a decryptor unable to do so.
Today, Kaseya has stated that they received a universal decryptor for the ransomware attack from a “trusted third party” and are now distributing it to affected customers.
“We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” Kaseya’s SVP Corporate Marketing Dana Liedholm told BleepingComputer.
“We had the tool validated by an additional third party and have begun releasing it to our customers affected.”
While Kaseya would not share information about the key’s source, they confirmed with BleepingComputer that it is the universal decryption key for the entire attack, allowing all MSPs and their customers to decrypt files for free.
It is unclear what caused the REvil ransomware operation to shut down and go into hiding. Multiple international law enforcement agencies have told BleepingComputer that they were not involved in their disappearance.
One theory is that the White House’s continued pressure on Russia to do something about the ransomware gangs believed to be operating within Russia led to REvil’s shutdown.
It is believed that the Russian government pressured the ransomware gang to shut down and disappear as a gesture of goodwill towards the USA.
While it is unclear how Kaseya retrieved the decryption key, it is possible that Russia received it directly from the ransomware gang and shared it with US law enforcement as a gesture of goodwill.
REvil’s disappearance is likely not the end of the gang’s online activities. It is expected that the group will rebrand as a new ransomware operation in the future.
via BleepingComputer https://ift.tt/2fDDDRH
July 22, 2021 at 10:51AM