Kaseya, a Florida-based IT company that found itself at the center of a REvil ransomware attack at the beginning of the month, has obtained a decryptor key that can restore encrypted data from the attack. According to an announcement on Kaseya's website, the company obtained the tool from a third-party source.
"We're working to remediate customers impacted by the incident," reads the announcement. Kaseya also said that it has "teams actively helping customers affected by the ransomware to restore their environments."
The Florida-based IT company has also received confirmation from a partner it is working with that the universal decryptor is "effective at unlocking victims."
Kaseya Obtains Universal Decryptor: Where Did It Come From?
Kaseya has not specified where it got the universal decryptor, but speculation has arisen over who the third-party source may be.
According to The Verge, NBC reporter Kevin Collier has speculated that the universal decryptor came from one of these three possibilities: the U.S. government, the Russian government, or the ransomware attackers themselves.
Kaseya has not confirmed or denied whether a ransom has been paid to those behind the cyberattack.
Whatever the case may be, the decryptor is working. There have also been no reports of "any problems or issues associated with the decryptor," according to Kaseya.
Kaseya Ransomware Attack: What Happened
Just before the 4th of July, the Kaseya ransomware attack took place and affected at least 1,000 companies. The cyberattack made use of the Kaseya VSA remote management software.
Reports at that time stated that the ransomware attack affected companies and organizations in at least 17 countries, including Mexico, South Africa, New Zealand, Canada, and the United Kingdom.
The Russian group behind the Kaseya ransomware attack, REvil, eventually asked for $70 million to decrypt the affected systems in the attack.
U.S. President Joe Biden has launched a federal probe into the Kaseya attack. President Biden has also issued a warning to Russian President Vladimir Putin regarding the cyberattacks connected to Russian groups.
REvil Goes Offline
As of July 13, REvil, the notorious Russian group behind infamous cyberattacks, has gone offline, catching governments and firms around the world by surprise.
According to the report by The Verge, REvil suddenly disconnected its servers and abandoned its forums. The group behind the Kaseya ransomware attack has also shut down "a page on the dark web used to communicate with victims."
The sudden disappearance happened just a day before U.S. and Russian officials were set to discuss the recent cyberattacks.
Speculation about the sudden disappearance has arisen since July 13. It includes a crackdown on the group by the U.S., Russia, or another country, and the possible retirement of REvil owing to the fact that they already had millions in ransom paid.
This article is owned by Tech Times
Written by Isabella James