The Kaseya Decryptor
Almost a month after a massive supply-chain ransomware attack struck the Florida-based software provider Kaseya, the company said on Thursday that it has acquired a universal decryption tool to help clients unlock computers and retrieve their data.
Kaseya issued a statement informing its customers that on July 21, the company acquired a decryptor for victims of the REvil ransomware and is working to help those who were affected by the attack. According to the available information, the decryptor was obtained from a third party and has been working flawlessly so far.
It isn’t clear whether Kaseya paid any ransom. After the attack struck the software provider, the ransomware group demanded $70 million as ransom, a sum that was later reduced to $50 million. However, shortly after that, all of the gang's payment and data leak portals were surprisingly shut down.
According to reports, the attack on Kaseya affected over 1,500 networks and quickly became one of the biggest cybersecurity incidents of this year, affecting everyone who was using Kaseya’s VSA remote management software products.
After the attack, the software provider took the matter seriously and issued fixes for the zero-day vulnerabilities that were used to compromise Kaseya VSA on-premises servers. The attackers initially used the unpatched flaws to gain access to additional computers controlled by the VSA software and install the REvil ransomware on them.
In the wake of the attack, which was executed through a software supply chain breach, new questions have been raised about how threat actors exploit the trust customers place in third-party software to install malware. Security experts have also been concerned about how quickly and severely a ransomware attack on a trusted software supply chain provider, such as the one REvil carried out, can immobilize businesses of all sizes.