Just before the July 4 holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The outfit behind the attack, REvil, at first asked for a $70 million ransom and claimed to have locked millions of devices. That was before REvil suddenly went offline on July 13, disconnecting its servers, abandoning the forums, and closing the dark web page it used to communicate with victims.
Now Kaseya says it has obtained a universal decryption key from a third party that can recover data encrypted during the attack. The company has not said how it came by the tool, telling BleepingComputer that it could not confirm or deny the payment of a ransom.
7/21/2021: Kaseya acquired a decryption program for the victims of the REvil ransomware attack, and we are working to improve the customers affected by the incident.
We can confirm that Kaseya acquired the tool from a third party and that it has teams that actively assist customers subject to the ransom program to restore their environment without reports of decryption issues or problems. Kaseya is working with Emsisoft to support our customer relationships, and Emsisoft has confirmed that the key is effective in unlocking victims.
NBC News editor Kevin Collier first reported the existence of the decryption tool and speculated that one of three sources is probably behind the key: the U.S. government, the Russian government, or a ransom payment to the attackers.
Kaseya says cybersecurity company Emsisoft confirmed that the recovery tool is “effective” and that it is now working with victims of the attack to decrypt their data. It is not known how much help the tool will provide several weeks after the attacks, but it is better than nothing.