Kaseya Obtains Ransomware Decryptor Tool For Affected Downstream Victims
Though notorious hacking group REvil has gone offline, companies are still reeling from the effects of the Kaseya ransomware attack. However, it seems the Florida-based remote-management software company has obtained a universal decryptor key and is working with all its customers to rectify the situation.
Just before the July 4th holiday weekend in the US, criminal hackers from REvil utilized a 0-day exploit to access Kaseya’s systems and subsequently encrypt them along with those of downstream customers. It was estimated that nearly 1,500 different companies, including a large grocery store chain in Sweden called Coop, were infected with the REvil ransomware. Afterward, REvil demanded an astounding $70 million before the group spontaneously disappeared.
Today, Kaseya has made a new blog post about the situation. The company claims that it “obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor.” According to Kaseya partner Emsisoft, this key is reportedly effective in completely unlocking affected systems for victims.
Whether or not the mysterious “third party” is REvil, this is still a good outcome for the victims downstream of Kaseya. However, an outcome like this is the exception, not the rule, and businesses should be wary no matter what. Not all ransomware stories end as decently as this one, and as such, cybersecurity is still paramount.