Kaseya obtains smartly-liked ransomware decryptor

Kaseya, the IT companies dealer that used to be the matter of a REvil/Sodinokibi ransomware attack orchestrated thru a series of vulnerabilities in its VSA product earlier in July 2021, says it has managed to design a smartly-liked decryptor key to enable ransomed customers to unlock their recordsdata for free.

The company took possession of the decyption instrument on 21 July and is at indicate contacting customers whose programs were locked by the REvil syndicate in repeat to remediate them.

“We can verify that Kaseya obtained the instrument from a third birthday party and contain groups actively helping customers littered with the ransomware to revive their environments, with no reviews of any downside or points associated with the decryptor,” Kaseya said in an announcement.

“Kaseya is working with Emsisoft to strengthen our customer engagement efforts, and Emsisoft has confirmed the key is efficient at unlocking victims.”

The initial attack, which took position on Friday 2 July, straight away sooner than the Independence Day vacation weekend in the US, noticed about 60 managed carrier providers (MSPs) that deliver VSA encrypted, with valuable impacts on hundreds of downstream customers, many of them exiguous businesses.

The REvil ransomware syndicate in the serve of the attack had demanded a filled with $70m to provide a smartly-liked decryptor, but slightly of over per week later, a valuable chunk of the neighborhood’s infrastructure used to be taken offline for reasons which contain tranquil not been established.

This, coupled with the insistence of Kaseya CEO Fred Voccola that the company would not negotiate with its attackers in any circumstances, and the usage of the time length “relied on third birthday party” would seem, on the time of writing, to counsel that Kaseya has not paid a ransom.

Pc Weekly’s sister title SearchSecurity asked Kaseya whether or not or not receipt of the foremost used to be linked to a ransom fee made either by the company itself, or by a third birthday party, but Kaseya declined to provide additional vital points.

This has resulted in speculation in the safety community that the foremost used to be handed over by a disgruntled REvil affiliate, that the team has been compelled by the Russian government to hand the foremost over to laws enforcement, or that it has been subject to an as-but undisclosed action by the US authorities.

Eset’s Jake Moore said it used to be certainly seemingly that one in every of these scenarios used to be the most attainable. “Decryption tools either mean the company has paid the ransom, or governments contain obtained furious referring to the discovery,” he said. “It’s far most frequently very rare to detect a instrument to so merely fix the concerns, but it completely would possibly well maybe maybe also be the supreme hope for affected organisations.

“With 19 days since the attack, these companies affected would possibly well maybe maybe fair contain dodged a expansive bullet with this decryptor and the sickening feeling of the attack would possibly well maybe maybe fair now bolster their future security.”

Read extra on Hackers and cybercrime prevention

• 
  

  Kaseya obtained ransomware decryptor from ‘relied on third birthday party’

  

  By: Alexander Culafi

• 
  

  Virgin Media outage: Electrical explosion takes down network in south-east London

  

  By: Caroline Donnelly

• 
  

  Hassle & Repeat: Breaking down the Kaseya ransomware attacks

  

  By: Favor Wright

• 
  

  REvil ransomware crew drops offline, reasons dark

  

  By: Alex Scroxton