Kaseya obtains master decryptor for victims of REvil ransomware attack

source link: https://siliconangle.com/2021/07/22/kaseya-obtains-master-decryptor-victims-revil-ransomware-attack/
Information technology management software firm Kaseya Ltd. has obtained a master decryptor for victims of the REvil ransomware attack that targeted its customers earlier this month.

Kaseya said in a security update today that it has obtained the tool from a third party and has teams actively helping customers affected by the ransomware to restore their environments. The company added that there are no reports of problems or issues with the decryptor and that it is working with Emsisoft Ltd. to support customer engagement efforts.

The attack by REvil started July 2 and exploited a zero-day, or until then unknown, vulnerability in the Kaseya VSA remote management application. Exactly how many Kaseya downstream customers were affected remains unclear, but estimates have put the number at between 800 and 1,500.

REvil subsequently demanded a $70 million ransom payment for a decryption key.

The attack gained the attention of the White House, which threatened to take action against Russia if the REvil attack was linked to the country. REvil is believed to operate out of Russia but is not known to be linked to the Russian government. Following the threat, REvil disappeared on July 13. Whether it was an action taken by the Russian government or was an indication that REvil decided to cut and run is unknown.

That REvil has seemingly disappeared raises the question of how Kaseya obtained the decryption key. When asked by Bleeping Computer for details, the company declined to say from whom it obtained the decryptor. Adding fuel to the fire, Kaseya also refused to confirm or deny whether it had made a ransom payment.

Whichever way it obtained the decryptor, the news will come as a relief to its customers.

“The sudden appearance of this universal key suggests that it is possible that this ransom may have been paid, although it is likely that the ransom would have been negotiated to a lower price,” Ivan Righi, cyberthreat intelligence analyst at digital risk protection solutions company Digital Shadows Ltd., told SiliconANGLE. “While the master decryption key has been acquired, the attack should not be considered to be over.”

REvil is known to exfiltrate data from victims, so the group may still have copies of data stolen from victims, Righi explained. “The group could use this data to extort victims or auction off the data, as it has done in the past on its website Happy Blog,” he said. “However, the group’s current activities are unknown since going dark, when their sites vanished and representatives got banned on prominent forums.”

Image: Kaseya
