11 August 21, 17:14
Quote: Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month.
However, while the key may be interesting to security researchers, it’s not likely to be of use to any of the other companies REvil hit in the spate of attacks that occurred on July 2.
A security researcher who goes by the handle @Pancak3 on Twitter found what was purported to be the key on a hacking forum and tweeted about it, posting a screenshot to the key on Twitter and also GitHub.
While it was first thought that the key could unlock all of the REvil attacks that occurred at the same time as the Kaseya one, it soon became clear to researchers that the decryptor – which appeared to some to be genuine – was only for the files locked in the Kaseya attack.
“Initial tests indicate this might be legit but do not cite me you’ll need own verification,” tweeted @SOS, or SwiftonSecurity, a systems security researcher who writes the Decent Security blog.
Oregon-based ethical hacker @Jeff McJunkin also tweeted that the master decryption key appears legitimate. “If you were affected, it’s definitely worth taking a look (in an isolated lab environment at first, naturally),” he wrote on Twitter.
Researchers at Flashpoint said they patched the decryptor binary with the annotated key from the thread and successfully decrypted a sandbox infected with the new REvil test sample “upon changing the file extensions to ‘universal_tool_xxx_yyy’ as seen in the screenshot,” according to a blog post published Tuesday.
Read more: Kaseya’s ‘Master Key’ to REvil Attack Leaked Online