Kaseya Obtains Universal Decryptor for Ransomware Attack Victims

IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files.

In early July, cybercriminals exploited vulnerabilities in a Kaseya product to deliver ransomware to MSPs who had been using that product, as well as to the customers of those MSPs. The company estimated that between 800 and 1,500 organizations received the ransomware, although some experts believe the actual number could be higher.

The attackers delivered the REvil ransomware, which encrypted files on compromised systems and demanded a ransom for their recovery. Victims that have not already paid will now get help from Kaseya, which has obtained a “universal decryptor key.”

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” Kaseya said.

It’s unclear how Kaseya got the decryptor, but the company said it was obtained from a “trusted third party.” Cybersecurity company Emsisoft verified the decryptor and confirmed that it works properly, Kaseya said.

It’s worth noting that the attackers also offered a universal decryptor that could allegedly be used to recover all encrypted files. They initially asked for $70 million for the universal decryptor, but some reports said the amount was later brought down to $50 million.

The Tor-based website used by the REvil ransomware gang to name victims and leak stolen data went offline roughly ten days after the attack on Kaseya, and it’s currently still down.


Because the ransomware was pushed to victims through Kaseya’s software and began encrypting their data immediately, the attackers had no opportunity to steal information from compromised systems first, as they had done in past attacks. In addition, the ransomware in many cases failed to delete backups before encrypting files, which apparently explains why the majority of victims did not pay the ransom demanded by the hackers.

After some delays, Kaseya released patches for the vulnerabilities exploited in the attack. The company had been aware of at least some of the flaws, but had not patched them before the attack was launched.

While it has been described as one of the worst ransomware attacks ever, Kaseya has attempted to downplay the incident. It also came to light that this wasn’t the first time the company was targeted by hackers, and some claimed that in some cases the company did not treat cybersecurity issues as seriously as it should have.

Related: Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack

Related: Emails Offering Kaseya Patches Deliver Malware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
