Kaseya claims to have obtained the REvil decryption key

US software company Kaseya now has access to a universal decryption key for the REvil ransomware that hit clients of managed service providers.

The company announced its access to the decryption tool on Thursday, about 20 days after the ransomware attack, which occurred on July 2.

The attack directly affected about 60 of its customers and up to 1,500 downstream customers. Checkouts at the Swedish supermarket chain Coop were down for nearly a week because of the attack. The attackers reached victims across the country through a malicious software update for Kaseya's VSA product, which managed service providers use to distribute software updates to devices across the IT fleets they manage. In New Zealand, schools use Kaseya too.

Effective decryption key

According to Kaseya, New Zealand security firm Emsisoft has confirmed that the decryption tool can unlock files encrypted by REvil.

“We can confirm that Kaseya obtained the tool from a third party, and that its teams are actively helping customers affected by ransomware recover their environments, with no reports of any decryption issues,” the company said in a press release.

“Kaseya is working with Emsisoft to support our efforts with customers, and Emsisoft confirms that the key is effective in unlocking victims.”

Did you pay the ransom?

It is not known whether Kaseya paid the $70 million ransom demand. The company said it had obtained the decryption key from a “trusted third party”, according to spokesperson statements reported by The Guardian.

While some of Kaseya's downstream clients have already rebuilt the affected systems, some clients' endpoints remain offline and could now be restored using the decryption key.

An anonymous customer claimed last week to have paid a ransom to REvil, but was unable to decrypt the encrypted files with the decryption key that was provided. REvil has been selling its ransomware as a service to third-party cybercriminal groups.

Ransomware and Diplomacy

The websites of the REvil group were shut down last week after US President Joe Biden called on Russian President Vladimir Putin to take action against cybercriminals in Russia targeting US companies. Joe Biden has reportedly told the Russian president that critical infrastructure should be outside the scope of cybercrime.

Another ransomware attack by the DarkSide group led to the shutdown of the Colonial Pipeline fuel distributor on the US East Coast in May. Some security experts believe that the Colonial pipeline attack pushed the ransomware issue to the level of diplomatic discussions, prompting REvil to suspend its activities.

Source : ZDNet.com
