
Kaseya uses the master decryption key to unlock systems affected by the REvil attack.


Back on July 2, the Russian ransomware group REvil launched a massive attack on IT management software giant Kaseya, as well as its customers and their customers. The group exploited vulnerabilities in Kaseya’s software to send updates to computer networks, allowing it to distribute ransomware to 1,500 businesses and organizations around the world. Most are small businesses, and some of the victims in New Zealand are schools, which are not typical ransomware targets. Now Kaseya has announced that it received a universal decryptor and will help those who “suffered from the incident.”

REvil originally demanded a payment of $70 million for a universal decryptor that unlocks data belonging to victims of the July 2 attack. However, in mid-July, the group suddenly disappeared from the face of the Internet. The critical sites it used to communicate with victims disappeared shortly after President Biden revealed that he had spoken with Russian President Vladimir Putin about ransomware attacks emanating from his country. It is still unclear if the group disappeared from the Internet as a result of these conversations, an offensive cyber operation carried out by the US authorities, or something else.


In a statement, Kaseya said it “received the tool from a third party” and that it worked with software company Emsisoft to confirm that it could unlock the victims’ data. It also said that it has formed groups to actively help “clients affected by ransomware viruses rebuild their environments,” and that its representatives will contact clients who have not yet heard from the company.

When BleepingComputer asked Kaseya if it paid the ransom for the key, the company replied that it “cannot confirm or deny it.” The publication also asked the FBI if it was involved in obtaining the decryption key, but the agency declined to comment on the ongoing investigation. This means that the origin of the key is still a mystery, although we doubt its source matters to victims who simply want access to their locked data.
