The ransomware universal decryption tool that the clients of Kaseya used to obtain files held hostage by the REvil gang was leaked in a hacking forum.

Ransomware Universal Decryption Tool from REvil’s Cyberattack on Kaseya Leaks on Hacking Forum
(Photo : by Adam Berry/Getty Images)
BERLIN, GERMANY - DECEMBER 27: A participant looks at lines of code on a laptop on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. (Photo

Universal Decryption Tool Leaked

Bleeping Computer reported that the universal decryption tool from the Kaseya cyberattack is now available online after it was posted in a hacking forum. 

Originally, the same news outlet assumed that the key works for all REvil encrypted files. However, the website noted that it does not work on other attacks by the notorious gang. Instead, the tool exclusively works on the files of the victims of the Kaseya incident. 

REVil Cyberattack on Kaseya

The REvil ransomware gang was behind the cyberattack on the VSA remote management application of Kaseya by infiltrating its zero-day vulnerability, which encrypted files from about 1,500 businesses. The large-scale attack has crippled the operation of the Kaseya clients.

The notorious ransomware gang went on to ask for a whopping $70 million as a ransom to give back the encrypted files via a universal decryptor tool. The key is supposed to reverse the actions of the threat actors to the victims by making the files accessible again.

After that demand, REvil, one of the most prolific ransomware gangs, disappeared into thin air.

To be precise, as of July 13, there was no trace of the group on the internet. As per CyberScoop, the gang is allegedly behind 42% of the recent ransomware attacks.

It is worth noting that the sudden vanishing act of the notorious gang came a day before the United States, through the senior officials from the White House, and Russia talked about the increasing cases of ransomware.

Read Also: Ransomware Roundup: Cl0p Releases New Stolen Data; EU, US to Team Up Against Attacks

Ransomware Universal Decryption Tool

However, on July 22, Kaseya finally obtained the description tool to reverse the encryption of their clients' files, albeit the absence of REvil from the internet.

As per The Verge, there are three possibilities as to how Kaseya got hold of the decryptor tool: the U.S., the Russian government, or from REvil itself. However, the IT firm did not confirm nor deny these speculations.

Instead, the Florida-based IT firm noted that they got the key from an unnamed "trusted third party."

Kaseya went on to provide the universal decryption tool to their customers, but there is a catch--the company requires their clients to sign a non-disclosure agreement or NDA. Although NDAs are commonly used in cyberattack events, including them in the process further makes the incident a total mystery.

But yet again, Kaseya kept mum about the report that they are requiring their clients to sign the NDA before obtaining the necessary tool for recovery from the cyberattack.

Related Article: Hacking Epidemic: Over Seven Ransomware Attacks Per Hour - America's Biggest Security Threat

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2021 All rights reserved. Do not reproduce without permission.