Kaseya’s universal key can free the files of hundreds of organizations, ending the worst of the attack’s fallout.
Kaseya has received a universal key that will decrypt the files of all of the more than 1,000 businesses and public organizations crippled in the global incident.
Kaseya spokeswoman Dana Liedholm would not say Thursday how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims. The cybersecurity firm Emsisoft confirmed that the key worked and was providing support.
Cybersecurity researchers offered many explanations for why the master key has now appeared, including: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin seized the key from the criminals and handed it over through intermediaries; or perhaps the main attacker didn't get paid by the gang whose ransomware was used.
Ivan Righi, Cyber Threat Intelligence Analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, explains, "The supply-chain attack on Kaseya was initially discovered on July 2, 2021, when multiple managed service providers (MSPs) began reporting infections of the Sodinokibi ransomware. Two days later, REvil (aka Sodinokibi) made a post on 'Happy Blog', the dark web site for the group, claiming responsibility for the attack. REvil stated that it had infected one million systems, and it requested USD 70 million in Bitcoin for a master decryption key. The group claimed that the universal decryptor would allow victims to recover from the attack in less than an hour."