IT management software firm Kaseya says that it has obtained the REvil universal decryption key through a “trusted third party,” though it doesn’t reveal exactly who the third party is. This should help Kaseya recover data from a July 4th REvil ransomware attack that affected over 1,500 businesses.
REvil is one of several ransomware groups operating out of Eastern Europe. It carried out a supply chain ransomware attack on Kaseya by exploiting a vulnerability in the company’s VSA product, a platform that Kaseya uses to distribute software to its customers. Kaseya claims that it was days away from patching this vulnerability when the hack occurred.
In the end, REvil’s ransomware affected 60 of Kaseya’s customers and over 1,500 downstream networks. The ransomware group demanded $70 million in exchange for a universal decrypter tool, though until this point, Kaseya has avoided such a deal.
Recently, several of REvil’s dark web sites disappeared following a phone call between President Biden and Vladimir Putin last week. In a press conference on Friday, July 9th, the president claimed that he “made it very clear to [Putin] that the United States expects, when a ransomware operation is coming from their soil even though it’s not, not, sponsored by the state, that we expect them to act.”
The president also confirmed that there would be consequences for future attacks, and that the U.S. is justified in targeting servers that host ransomware operations.
Regardless of how Kaseya got its hands on the REvil decrypter, the software firm can now unlock data that businesses lost in the July 4th ransomware attack (and other REvil attacks). Hopefully, this breakthrough will reduce the number of ransomware attacks that occur in the future.
Source: The Guardian via ZDNet