19 days after REvil ransomware attack on Kaseya VSA systems, there is a fix



Just before the July 4th holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The group behind the attack, REvil, initially demanded a ransom of $70 million and claimed to have locked down millions of devices. That was before REvil suddenly disappeared on July 13, taking its servers offline, abandoning forums and shutting down a page on the dark web used to communicate with victims.

Now Kaseya says it has obtained a universal decryptor from a “third party” that can restore data encrypted during the attack. The company did not say how it came to possess this technology, telling BleepingComputer that it could not confirm or deny whether a ransom payment had taken place.

On 7/21/2021, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we are working to address issues for customers affected by the incident.

We can confirm that Kaseya obtained the tool from a third party and that teams are actively helping customers affected by the ransomware to restore their environments, with no reports of any issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed that the key is effective in unlocking victims.

NBC News reporter Kevin Collier first reported the existence of the decryption tool and speculated that one of three sources is probably behind the key: the US government, the Russian government or a ransom payment to the attackers.

Kaseya says cybersecurity firm Emsisoft has confirmed that the recovery tool is “effective”, and that it is now working with victims of the attack to decrypt affected systems. It is not known how much help the tool will offer, several weeks after the attacks, but it is better than nothing.


