Software vendor caught up in REvil ransomware attack obtains decryptor key


Kaseya is currently helping to restore the systems of customers whose networks were still locked down by REvil’s software, it said.

“I can confirm we have received a decryptor and are currently working to assist the customers impacted by the attack,” said Kaseya spokesperson Dana Liedholm. “We can’t share the source but can say it’s from a trusted third party.”

Liedholm declined to answer further questions about whether the decryptor key had been reverse-engineered from the REvil malware.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said his firm had verified the effectiveness of the key at restoring victim data.

“We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers,” Callow told CNN.

The Kaseya attack has been called one of the largest ransomware attacks in history. On July 2, hackers affiliated with REvil — a cybercriminal gang that is believed to operate out of Eastern Europe or Russia — used Kaseya’s remote management tools to deliver malicious software to Kaseya’s customers that encrypted their data and locked them out.

It is still unclear how the attackers managed to gain access to Kaseya’s product.

Many of Kaseya’s customers are IT support firms that help small businesses such as dentists’ offices, local restaurants and accounting firms with their information technology needs. When the support firms were hit, their own customers were also affected, prompting Kaseya to estimate later that as many as 1,500 organizations worldwide may have been compromised by the ransomware.

REvil issued an eye-popping $70 million ransom demand in exchange for a decryptor key that could unlock all of the affected systems at once. But even as some companies were still reeling from the attack, REvil vanished from the internet — with most of its websites going dark.

The group’s mysterious disappearance last week has sparked speculation as to its fate. The US government has steadfastly declined to say whether it played a role, though the Biden administration has vowed to crack down on ransomware. And, in the case of Colonial Pipeline, US law enforcement officials have been able to track and recover some of the money the company paid to its ransomware attackers — a group known as DarkSide that has also since disappeared.
