Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

    aum

    By aum,
    Published Date:

    • 423 views
    • 2 minutes
     Share
    • 423 views
    • 2 minutes

    Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

     

    Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data.

     

    "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the incident," the company said in a statement. "Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor."

     

    It's not immediately unclear if Kaseya paid any ransom. It's worth noting that REvil affiliates had demanded a ransom of $70 million — an amount that was subsequently lowered to $50 million — but soon after, the ransomware gang mysteriously went off the grid, shutting down their payment sites and data leak portals.

     

    The incident is believed to have infiltrated as many as 1,500 networks that relied on 60 managed service providers (MSPs) for IT maintenance and support using Kaseya's VSA remote management product as an ingress point for what has turned out to be one of the "most important cybersecurity event of the year."

     

    The information technology firm has since released patches for the zero-days that were exploited to gain access to Kaseya VSA on-premise servers, using the foothold to pivot to other machines managed through the VSA software and deploy a version of the REvil ransomware.

     

    The fallout from the attack, waged through a breach in the software supply chain, has raised new concerns about how threat actors are increasingly abusing the trust associated with third-party software to install malware, not to mention underscore the swift damage caused by ransomware attacks on trusted supply-chain providers, paralyzing hundreds of small and medium-sized businesses and causing havoc at scale with just one exploit.

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...