Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for decrypting data. The effectiveness of the tool has already been confirmed by the specialists of the information security company Emsisoft.
“Yesterday we received a decoder from a trusted third party and used it successfully on affected clients. We provide technical support for the use of the decoder, ”writes Dana Liedholm, senior vice president of corporate marketing at Kaseya.
Let me remind you that in early July, customers of the MSP solution provider Kaseya suffered from a large-scale attack by the ransomware REvil (Sodinokibi). Then the hackers used 0-day vulnerabilities in the company’s product (VSA) and through them attacked Kaseya’s customers. Currently , patches have already been released for these vulnerabilities .
The main problem was that most of the affected VSA servers were used by MSP providers, that is, companies that manage the infrastructure of other customers. This means that the cybercriminals have deployed the ransomware in thousands of corporate networks . According to official figures, the compromise affected about 60 Kaseya clients, through whose infrastructure hackers were able to encrypt approximately 800-1500 corporate networks.
After this attack, REvil operators demanded a ransom of $ 70 million, and then promised to publish a universal decryptor that can unlock all computers. The group soon “lowered the bar” to $ 50 million.
However, in the end, the hacker group completely ” disappeared from the radar “, and the sites and the entire infrastructure of the REvil ransomware as a whole went offline without explanation. We are talking about a whole network of conventional and darknet sites that are used to negotiate ransom, leaking data stolen from victims and the internal infrastructure of the ransomware. From July 13, 2021, all of them for some reason do not work. As a result, many companies were left without the ability to recover their data, even if they were willing to pay the ransom to hackers.
So far, Kaseya has refused to disclose where this data decryption tool came from, but the company has assured that it is universal and suitable for all affected MSPs and their customers.