The universal ransomware decryption tool that Kaseya's clients used to recover files held hostage by the REvil gang was leaked on a hacking forum.
Universal Decryption Tool Leaked
Bleeping Computer reported that the universal decryption tool from the Kaseya cyberattack is now available online after it was posted on a hacking forum.
Originally, the same news outlet assumed that the key works for all REvil-encrypted files. However, the website noted that it does not work on other attacks by the notorious gang. Instead, the tool exclusively works on the files of the victims of the Kaseya incident.
REvil Cyberattack on Kaseya
The REvil ransomware gang was behind the cyberattack on Kaseya's VSA remote management application, exploiting a zero-day vulnerability in it to encrypt files from about 1,500 businesses. The large-scale attack has crippled the operation of the Kaseya clients.
The notorious ransomware gang went on to ask for a whopping $70 million as a ransom to give back the encrypted files via a universal decryptor tool. The key is supposed to reverse what the threat actors did to the victims by making the files accessible again.
To be precise, as of July 13, there was no trace of the group on the internet. As per CyberScoop, the gang is allegedly behind 42% of the recent ransomware attacks.
It is worth noting that the sudden vanishing act of the notorious gang came a day before the United States, through senior officials from the White House, and Russia talked about the increasing cases of ransomware.
Ransomware Universal Decryption Tool
However, on July 22, Kaseya finally obtained the decryption tool to reverse the encryption of their clients' files, despite the absence of REvil from the internet.
As per The Verge, there are three possibilities as to how Kaseya got hold of the decryptor tool: from the U.S., from the Russian government, or from REvil itself. However, the IT firm neither confirmed nor denied these speculations.
Instead, the Florida-based IT firm noted that they got the key from an unnamed "trusted third party."
Kaseya went on to provide the universal decryption tool to their customers, but there is a catch: the company requires their clients to sign a non-disclosure agreement, or NDA. Although NDAs are commonly used in cyberattack events, including them in the process makes the incident even more of a mystery.
Yet again, Kaseya kept mum about the report that they are requiring their clients to sign the NDA before obtaining the necessary tool for recovery from the cyberattack.
This article is owned by Tech Times
Written by Teejay Boris