Articles Kaseya now has a decryptor for REvil

Kaseya now has a decryptor for REvil


Representatives of the Kaseya company, whose clients have recently suffered from attacks by the ransomware REvil, said that the company now has a universal tool for decrypting data. The effectiveness of the tool has already been confirmed by the specialists of the information security company Emsisoft.

“Yesterday we received a decoder from a trusted third party and used it successfully on affected clients. We provide technical support for the use of the decoder, ”writes Dana Liedholm, senior vice president of corporate marketing at Kaseya.

Let me remind you that in early July, customers of the MSP solution provider Kaseya  suffered from a large-scale attack by the  ransomware REvil (Sodinokibi). Then the hackers used 0-day vulnerabilities in the company’s product (VSA) and through them attacked Kaseya’s customers. Currently , patches have already been released for these vulnerabilities .

The main problem was that most of the affected VSA servers were used by MSP providers, that is, companies that manage the infrastructure of other customers. This means that the cybercriminals have deployed the ransomware  in thousands of corporate networks . According to official figures, the compromise affected about 60 Kaseya clients, through whose infrastructure hackers were able to encrypt approximately 800-1500 corporate networks.

After this attack, REvil operators demanded a ransom of $ 70 million, and then promised to publish a universal decryptor that can unlock all computers. The group soon “lowered the bar” to $ 50 million.

However, in the end, the hacker group completely ” disappeared from the radar “, and the sites and the entire infrastructure of the REvil ransomware as a whole went offline without explanation. We are talking about a whole network of conventional and darknet sites that are used to negotiate ransom, leaking data stolen from victims and the internal infrastructure of the ransomware. From July 13, 2021, all of them for some reason do not work. As a result, many companies were left without the ability to recover their data, even if they were willing to pay the ransom to hackers.

So far, Kaseya has refused to disclose where this data decryption tool came from, but the company has assured that it is universal and suitable for all affected MSPs and their customers.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you