19 days after REvil’s ransomware attack on Kaseya VSA systems, there’s a fix

Just ahead of the July 4th holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The outfit behind the attack, REvil, initially requested a $70 million ransom and claimed to have locked down millions of devices. That was before REvil suddenly went offline on July 13th, disconnecting its servers, abandoning forums, and shutting down a page on the dark web used to communicate with victims.

Now, Kaseya says it has obtained a universal decryptor from a “third party” that can restore data encrypted during the attack. The company has not said how it came by this technology, telling Bleeping Computer that it could not confirm or deny any ransom payment had occurred.

On 7/21/2021, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident.

We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.

NBC News reporter Kevin Collier first reported the decryption tool’s existence and speculates that one of three sources is likely behind the key: the US government, the Russian government, or a ransom payment to the attackers.

Kaseya says cybersecurity firm Emsisoft confirmed the restoration tool is “effective,” and now it’s working with victims of the attack to decrypt affected systems. It’s unknown how much help the tool will offer, coming several weeks after the attacks, but it’s better than nothing.
