Just ahead of the July 4th holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The outfit behind the attack, REvil, initially requested a $70 million ransom and claimed to have locked down tens of millions of devices. That was before REvil suddenly went offline on July 13th, disconnecting its servers, abandoning forums, and shutting down a page on the dark web used to communicate with victims.
Now, Kaseya says it has obtained a universal decryptor from a “third party” that can restore data encrypted during the attack. The company has not said how it came by this technology, telling Bleeping Computer that it couldn’t confirm or deny any ransom payment had occurred.
On 7/21/2021, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident.
We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.
NBC News reporter Kevin Collier first reported the decryption tool’s existence and speculates that one of three sources is likely behind the key: the US government, the Russian government, or a ransom payment to the attackers.
Kaseya says cybersecurity firm Emsisoft confirmed the recovery tool is “effective,” and now it’s working with victims of the attack to decrypt affected systems. It’s unknown how much help the tool will offer, coming several weeks after the attacks, but it’s better than nothing.