Kaseya, the information technology company whose software was used to deliver the REvil ransomware strain to its customers this month, announced that it has acquired a universal decryption key that restores infected systems.
About three weeks after the crippling supply chain attack, Kaseya said on Thursday that it had recently acquired the decryption key and successfully used it to restore affected customer systems.
“We can confirm that Kaseya acquired the tool from a third party and have teams actively assisting ransomware-affected customers in restoring their environment, with no issues or reports of problems with the decryptor,” Kaseya said on its website. It added that it is working with Emsisoft, a New Zealand-based anti-virus firm specializing in helping victims recover from ransomware attacks.
Kaseya did not elaborate on the origins of the decryptor. A spokesperson for the Florida software company told reporters that the key came from a “trusted third party,” but gave no further details.
In a statement, Emsisoft said it is working together with Kaseya and added that it “confirmed that the key was effective in unlocking victims of a large-scale ransomware attack.”
Until recently, REvil operated as ransomware as a service. REvil’s developers licensed their proprietary malware to affiliates in exchange for a cut of any ransom payments received from victims.
In addition to holding data hostage, REvil attackers occasionally leaked and posted online sensitive material stolen from victims who, the attackers said, did not pay the requested amount.
On July 3, Kaseya announced that it was the victim of a “sophisticated cyberattack” in which its remote access software was hacked and then used to attack customers with the REvil ransomware strain.
Nearly 1,000 businesses were affected by the attack, Kaseya said, including Swedish supermarket chain Coop, which had to close hundreds of stores for several days.
Victims of the attack were told by the perpetrators to pay a ransom to regain access to affected systems, and websites affiliated with REvil later offered to sell a master decryption key for $70 million.
However, on July 13, REvil disappeared when all known websites and online infrastructure related to the gang went offline, leaving victims without a way to reach the perpetrators if they wanted to pay.
It was not clear whether Kaseya had bought the master key from the ransomware gang or obtained it by other means.
“We can’t share the source but we can say it came from a trusted third party,” Kaseya spokesperson Dana Liedholm told reporters.
The White House said REvil is most likely based in Russia. President Biden said he warned Russian President Vladimir Putin to rein in ransomware attacks from his country days before REvil disappeared.
The FBI advises ransomware victims not to pay.