IT management solutions provider Kaseya said today that it obtained a universal decryptor key for those customers hit by REvil ransomware earlier this month.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” Kaseya said in a statement.
Kaseya is working on the rollout with security firm Emsisoft, which “confirmed the key is effective at unlocking victims,” according to Kaseya.
The attack hit Kaseya earlier this month and spread through its VSA remote monitoring software, ensnaring more than 200 companies in the process. Hackers reportedly demanded $70 million in Bitcoin in exchange for a key that could decrypt the locked files.
President Joe Biden has ordered US intelligence agencies to investigate, though he has not placed blame on any one actor. “The initial thinking was it was not the Russian government, but we’re not sure yet,” Biden said earlier this month.
On July 9, Biden held a call with Russian President Vladimir Putin, during which he “underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware,” the White House said. “President Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”
That same day, Biden also said it would make sense for the US to attack servers used for ransomware attacks. The White House has not confirmed any such action; “that’s obviously not something that we would speak to publicly, in terms of any specific actions the President has or hasn’t ordered,” a senior administration official said.
REvil went dark several days later, though we don’t know if it unplugged itself or fell prey to a cyberattack of its own. It left a number of Kaseya victims in the lurch, according to reports. The demise of REvil is one reason security experts agree that it’s never a good idea to pay ransomware hackers. There’s no guarantee they’ll release your files, or that they even have the capability to do so. In the end, they just want the money.