Kaseya is now helping to restore the systems of customers whose networks were still locked down by REvil's software, it said.
"I can confirm we have received a decryptor and are currently working to assist the customers impacted by the attack," said Kaseya spokesperson Dana Liedholm. "We can't share the source but can say it's from a trusted third party."
Liedholm declined to answer further questions about whether the decryptor key had been reverse-engineered from the REvil malware.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said his firm had verified that the key is effective at restoring victims' data.
"We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers," Callow told CNN.
Underscoring that point, Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, said that although he isn't involved in the situation at Kaseya, he is confident the key should work.
"There are very limited circumstances where I've obtained a decryptor during a negotiation and found out it either doesn't work or found some major problem with it," Schmitt said. "The percentage of cases or incidents where the decryptor just flat-out doesn't work is really, really low and is closer to zero than anything."
The Kaseya attack has been called one of the largest ransomware attacks in history. On July 2, hackers affiliated with REvil — a cybercriminal gang believed to operate out of Eastern Europe or Russia — used Kaseya's remote management tools to deliver malicious software to Kaseya's customers that encrypted their data and locked them out.
It is still unclear how the attackers managed to gain access to Kaseya's product.
Many of Kaseya's customers are IT support firms that help small businesses such as dentists' offices, local restaurants and accounting firms with their information technology needs. When the support firms were hit, their own customers were also affected, prompting Kaseya to estimate later that as many as 1,500 organizations worldwide may have been compromised by the ransomware.
REvil issued an eye-popping $70 million ransom demand in exchange for a decryptor key that would unlock all of the affected systems at once. But even as some companies were still reeling from the attack, REvil vanished from the internet, with most of its websites going dark.
The group's mysterious disappearance last week has sparked speculation as to its fate. The US government has steadfastly declined to say whether it played a role, though the Biden administration has vowed to crack down on ransomware. And, in the case of Colonial Pipeline, US law enforcement officials were able to track and recover some of the money the company paid to its ransomware attackers — a group called DarkSide that has also since disappeared.