Kaseya obtains master decryption key to unlock systems affected by the REvil attack



On July 2, the Russian ransomware group REvil staged what ended up as a mass attack on management software giant Kaseya, as well as its customers and their customers. The group exploited vulnerabilities in the Kaseya software that companies use to send updates to computer networks, allowing it to distribute ransomware to as many as 1,500 companies and organizations worldwide. Most of them are just small businesses, and some of the victims in New Zealand are schools, which are not typical ransomware targets. Now, Kaseya has announced that it has procured a universal decryptor and will help those “affected by the incident.”

REvil originally demanded a payment of $70 million for a universal decryptor that would unlock the data of the victims of the July 2 attack. In mid-July, however, the group suddenly fell off the face of the internet. The critical pages it used to communicate with victims disappeared shortly after President Biden revealed that he had talked to Russian President Vladimir Putin about ransomware attacks originating in his country. It is still unclear whether the group disappeared from the internet as a result of those conversations, an offensive cyber operation carried out by U.S. authorities, or something else entirely.

In its announcement, Kaseya said it “procured the tool from a third party” and was working with software company Emsisoft to confirm that the tool could unlock victim data. It also said that it has formed teams that will actively help “customers affected by ransomware to regain their environment” and that its representatives will contact clients who have not yet heard from the company.

When BleepingComputer asked Kaseya if it had paid the ransom to obtain the key, the company replied that “it cannot confirm or deny that”. The publication also asked the FBI if it was involved in obtaining the decryption key, but the agency declined to comment on the ongoing investigation. This means that the origin of the key remains a mystery, although we doubt that its source matters to victims who just want to access their locked data.


