The Kaseya company has a decryptor for the REvil ransomware

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company has a universal decryptor at its disposal for all victims of this ransomware.

Let me remind you that in early July, customers of the MSP solution provider Kaseya suffered from a large-scale attack by the ransomware REvil (Sodinokibi). Then the hackers used 0-day vulnerabilities in the company’s product (VSA) and through them attacked Kaseya’s customers. Currently, patches have already been released for these vulnerabilities.

The main problem was that most of the affected VSA servers were used by MSP providers, that is, companies that manage the infrastructure of other customers. This means that the cybercriminals have deployed the ransomware in thousands of corporate networks.

According to official figures, the compromise affected about 60 Kaseya clients, through whose infrastructure hackers were able to encrypt approximately 800-1500 corporate networks.

After this attack, the REvil operators demanded a ransom of $70 million, and then promised to publish a universal decryptor that can unlock all computers. The group soon “lowered the bar” to $50 million.

However, as a result, the hacker group completely “disappeared from the radar“, and the sites and the entire infrastructure of the REvil ransomware as a whole went offline without explaining the reasons. We are talking about a whole network of conventional and darknet sites that are used to negotiate ransom, leaking data stolen from victims and the internal infrastructure of the ransomware. From July 13, 2021, all of them for some reason do not work.

As a result, many companies were left unable to recover their data, even if they were willing to pay the ransom to hackers.

So far, Kaseya has refused to disclose where this data decryption tool came from, but the company has assured that it is universal and suitable for all affected MSPs and their customers.