Kaseya is currently helping to restore the systems of customers whose networks were still locked down by REvil’s software, it said.
“I can confirm we have received a decryptor and are currently working to assist the customers impacted by the attack,” said Kaseya spokesperson Dana Liedholm. “We can’t share the source but can say it’s from a trusted third party.”
Liedholm declined to answer further questions about whether the decryptor key had been reverse-engineered from the REvil malware.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said his firm had verified the effectiveness of the key at restoring victim data.
“We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers,” Callow told NCS.
The Kaseya attack has been called one of the largest ransomware attacks in history. On July 2, hackers affiliated with REvil — a cybercriminal gang that’s believed to operate out of Eastern Europe or Russia — used Kaseya’s remote management tools to deliver malicious software to Kaseya’s customers that encrypted their data and locked them out.
It remains unclear how the attackers managed to gain access to Kaseya’s product.
Many of Kaseya’s customers are IT support companies that help small businesses such as dentists’ offices, local restaurants and accounting firms with their information technology needs. When the support companies were hit, their own customers were also affected, prompting Kaseya to estimate later that as many as 1,500 organizations worldwide may have been compromised by the ransomware.
REvil issued an eye-popping $70 million ransom demand in exchange for a decryptor key that would unlock all the affected systems at once. But even as some companies were still reeling from the attack, REvil vanished from the internet — with most of its websites going dark.
The group’s mysterious disappearance last week has sparked speculation as to its fate. The US government has steadfastly declined to say whether it played a role, though the Biden administration has vowed to crack down on ransomware. And, in the case of Colonial Pipeline, US law enforcement officials were able to track and recover some of the money the company paid to its ransomware attackers — a group known as DarkSide that has also since disappeared.