Kaseya Says It Has Now Got The REvil Decryption Key And It Works
American software firm Kaseya has access to the universal decryption key for the REvil ransomware that targeted its managed service provider customers.
The company announced its access to the decryption tool on Thursday, some 20 days after the ransomware attack took place on July 2.
The attack affected 60 of its customers directly and as many as 1500 of its customers downstream. Swedish supermarket chain Coop's cash registers were down for almost a week due to the attack. The company's cash registers nationwide were infected via a tainted software update of Kaseya's product, VSA, which distributes software and security updates to endpoints. Schools in New Zealand using Kaseya software were also affected.
According to Kaseya, New Zealand-based security firm Emsisoft has confirmed the decryption tool does unlock files encrypted with REvil.
"We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor," Kaseya said in a statement.
"Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims."
Last week, an unnamed customer claimed to have paid a ransom to the REvil gang but was unable to decrypt encrypted files with the decryption key provided. REvil sold its ransomware as a service to third-party criminal gangs.
The REvil gang's websites went dark last week after US President Joe Biden pressed Russian President Vladimir Putin to clamp down on cybercriminals based in Russia that were targeting US firms.
Biden reportedly told Putin that critical infrastructure should be off-limits after a separate ransomware attack from the group DarkSide knocked US east coast fuel distributor Colonial Pipeline offline.
Some security experts believe the attack on Colonial elevated Russian-based ransomware to diplomatic discussions and prompted REvil to suspend its operations.
Coop rolled out a mobile payment system to allow customers to pay for goods while replacing encrypted cash registers on July 8. The mobile payment system was rolled out to 300 stores across Sweden, allowing it to continue in-store trade. It also worked with charities to distribute perishable items while its cash registers were down to minimize waste.
It's not clear whether Kaseya paid the ransom demand of $70 million. A Kaseya spokesperson told The Guardian that it acquired the decryption key from a "trusted third party".
While some of Kaseya's downstream customers have remediated affected systems, other customers' endpoints have remained offline and could be restored with the decryption key.