Kaseya, the management software maker that fell victim to a massive REvil ransomware attack in early July, has got hold of a universal key. The company is also starting to share it with its customers.
The cyberattack, which spread via Kaseya’s VSA software at the beginning of this month, affected more than a thousand companies worldwide. These included Belgian companies, such as the Antwerp ICT service provider ITxx. It is one of the largest cyberattacks to date.
Notably, REvil, the gang behind the attack, quickly came up with a ransom demand of 70 million dollars for a universal ‘decryptor’, a key that reverses the data encryption. Such a key would make it possible to get the computers up and running again at all affected companies. However, the group, or at least its websites, quickly disappeared from the internet, making further negotiations impossible.
But now Kaseya says on its blog that it has obtained a universal key from a ‘trusted third party’. It will also distribute it to its affected customers. “We can confirm that we have received a third-party decryptor but cannot disclose more about the source,” Dana Liedholm, SVP of Corporate Marketing, told tech site BleepingComputer.
The key has been verified by security company Emsisoft, which is often hired to decrypt computers after ransomware attacks. It will be distributed free of charge to the many affected SMEs and companies that are customers of Kaseya.
In principle, the universal key should now let them recover their files and computers if they have not managed to do so over the past few weeks. Customers are, of course, also advised to keep patching. Kaseya has rolled out two more updates to its software in recent days, which will hopefully fix the bugs that REvil exploited in the attack.
Kaseya won’t say whether a ransom was paid for the key. It is also not at all clear what happened to REvil, or why the gang has disappeared from the net. The attack, due to its unprecedented size, also received extra political attention. It was one of the reasons for US President Joe Biden to address Russia about its apparent policy of tolerating ransomware. Journalists such as Kevin Collier of the American channel NBC therefore speculate that the key may have been obtained as a diplomatic concession.