The Kaseya company has a decryptor for the REvil ransomware

decryptor for REvil ransomware
Written by Emma Davis

Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company has a universal decryptor at its disposal for all victims of this ransomware.

The effectiveness of the tool has already been confirmed by the specialists of the information security company Emsisoft.

Yesterday we received a decoder from a trusted third party and used it successfully on affected clients. We provide technical support for the use of the decoder.writes Dana Liedholm, senior vice president of corporate marketing at Kaseya.

Let me remind you that in early July, customers of the MSP solution provider Kaseya suffered from a large-scale attack by the ransomware REvil (Sodinokibi). Then the hackers used 0-day vulnerabilities in the company’s product (VSA) and through them attacked Kaseya’s customers. Currently, patches have already been released for these vulnerabilities.

The main problem was that most of the affected VSA servers were used by MSP providers, that is, companies that manage the infrastructure of other customers. This means that the cybercriminals have deployed the ransomware in thousands of corporate networks.

According to official figures, the compromise affected about 60 Kaseya clients, through whose infrastructure hackers were able to encrypt approximately 800-1500 corporate networks.

After this attack, the REvil operators demanded a ransom of $70 million, and then promised to publish a universal decryptor that can unlock all computers. The group soon “lowered the bar” to $50 million.

However, as a result, the hacker group completely “disappeared from the radar“, and the sites and the entire infrastructure of the REvil ransomware as a whole went offline without explaining the reasons. We are talking about a whole network of conventional and darknet sites that are used to negotiate ransom, leaking data stolen from victims and the internal infrastructure of the ransomware. From July 13, 2021, all of them for some reason do not work.

As a result, many companies were left unable to recover their data, even if they were willing to pay the ransom to hackers.

So far, Kaseya has refused to disclose where this data decryption tool came from, but the company has assured that it is universal and suitable for all affected MSPs and their customers.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply