Kaseya Obtains Universal Decryptor for REvil Ransomware - silversurfer - 24 July 21
Quote:Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.
The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator (VSA) platform, affected Kaseya customers in 22 countries using the on-premises version of the platform – many of which are managed service providers (MSPs) who use VSA to manage the networks of other businesses. In addition to the 60 direct customers, around 1,500 downstream customers of those MSPs were also affected.
The VSA software is used by Kaseya customers to remotely monitor and manage software and network infrastructure.
In the wake of the attacks, the REvil gang (aka Sodinokibi) demanded $70 million for a universal public decryption key that will remediate all impacted victims – a price that one researcher said was eventually lowered to $50 million.
Late on Thursday afternoon, the vendor announced via its rolling advisory on the incident that it had obtained the decryptor “through a third party.” It’s unclear if the ransom was indeed paid.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” it said. “Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims…Customers who have been impacted by the ransomware will be contacted by Kaseya representatives.”
Read more: Kaseya Obtains Universal Decryptor for REvil Ransomware | Threatpost
|