Kaseya confirms that she obtained the decryption key without paying a ransom

Updated on 07/27/2021: At a time when speculation has spread for several days, Cassie published on Monday, July 26th, A note on their website It confirms that it obtained the decryption key without paying a ransom. “Recent reports have indicated that our continued silence about the payment of the ransom to Kaseya may encourage more ransomware attacks,” the company said.

“Casse has decided after consulting with experts not to negotiate with the criminals who carried out this attack and we have not deviated from this obligation. As such, we affirm unequivocally that Cassie did not pay a ransom, either directly or indirectly through a third person. decryption”.

The Miami-based company is also proud to have received the first decryption results and that “the tool was found to be 100% effective in decrypting files that were completely encrypted during the attack.” According to CNN, in order to obtain the decryption keys, the company requires its customers to sign a non-disclosure agreement. At the moment, there is no news from the REvil hacker group that disappeared from the radar soon after a $70 million ransom was demanded.

After seeing the targeted VSA program in a cyber attack that was revealed on July 2, Kaseya announced that a decryption key had been made available to the victims. It said the announcement was made on July 22 on the company’s website and is the result of a collaboration with New Zealand firm Emsisoft.

Encrypted data recovery
This key should allow 1,500 victims, both public and corporate, to recover data encrypted by hackers. Among other things, the attack forced hundreds of Coop supermarkets in Sweden and schools in New Zealand to close. Used by more than 40,000 customers around the world, the software enables companies to send updates to computer networks.

It is known to have attacked Apple and Acer as well as global meat giant JBS in the past, the group known as REvil later demanded a $70 million ransom from Kaseya in exchange for a decryption key. Quite a classic procedure during ransomware attacks.

REvil disappears from speed cameras
However, Kassiya explains in her press release that she obtained the key “from a third party”. asked by Computer As for a ransom of $70 million, the American company responded.It can neither confirm nor deny“Pay this amount. It is very difficult to verify the information since REvil disappeared from the radars for several weeks without an official reason.

Is it the result of state action? This is one of the tracks since the head United State Joe Biden, worried about having to deal with the fallout from this security incident, had asked his Russian counterpart, Vladimir Putin, to take action against cybercriminals based in his country.

The US President also ordered US intelligence agencies to investigate, saying: “The United States will take all necessary measures to defend its people and critical infrastructure in the face of this continuing challengewhich represent cyber attacks. The FBI, for its part, declined to comment on the implications this might have for the outcome of this story.