Kaseya obtained a universal decryptor that enables the July 2 REvil ransomware attack victims to recover their files for free.
- Hackers demanded $70 million in Bitcoin as a ransom in the Kaseya ransomware attack.
- Kaseya obtained a universal decryptor that enables the victims to recover their files.
- Kaseya said it had sent a detection tool to nearly 900 customers on Saturday night.
On July 2, the REvil ransomware gang launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application.
The REvil gang demanded $70 million for a universal public decryption key that would remediate all impacted victims.
Today, Kaseya has announced that they obtained a universal decryptor for the ransomware attack from a "trusted third party" and are now distributing it to affected customers.
On July 13, REvil, as a criminal organisation, vanished, and its representatives were banned from the main underground forums.
While most victims were not paying, the gang's disappearance left companies that may have needed to purchase a decryptor unable to do so.
“We can confirm we obtained a decryptor from a trusted third party but can’t share any more about the source,” Kaseya's SVP Corporate Marketing Dana Liedholm told BleepingComputer.
“We had the tool validated by an additional third party and have begun releasing it to our customers affected.”
“The sudden appearance of this universal key suggests that it is possible that this ransom may have been paid, although it is likely that the ransom would have been negotiated to a lower price,” Ivan Righi, cyber-threat intelligence analyst at Digital Shadows, said via email.
Researchers warned that the attack should not be considered to be over, as REvil is known for its double-extortion attacks where company data is stolen in addition to being hit with ransomware.
“The group may still have copies of data stolen from victims,” Righi said. “The group could use this data to extort victims or auction off the data, as it has done in the past on its website Happy Blog.”