After the breach of remote management software company Kaseya and the thousands of clients downstream from it by REvil ransomware, the perpetrators disappeared abruptly, leaving many victims in the lurch. Good news has arrived as Kaseya appears to have received a decryption key nearly three weeks into the attack.
Kaseya won’t say exactly how it came by the decryption key, save that it came from a “third party.” But it is actively working to get in touch with customers impacted by the ransomware, and thus far has not heard of any issues with its use to unlock systems.
Kaseya decryption key solves rough situation for thousands of businesses
The Kaseya ransomware attack struck at a particularly inopportune time, just ahead of a long July 4 weekend in the United States when IT staff would be heading off duty for at least three days. By compromising the company’s VSA service, which is used by many managed service providers who in turn have a high degree of access to their individual business clients, the REvil ransomware quickly spread to tens of thousands of businesses.
The situation became even worse on July 13 as REvil suddenly pulled up stakes and disappeared entirely from the web. Hardly a strange move for a ransomware gang that pulls off such a major and damaging heist, but they generally finish conducting their business and collecting their money before vanishing. The REvil ransomware group shut down all of its dark web points of contact (including its “Happy Blog”) and stopped communicating with victims right in the middle of negotiations to make payments and unlock systems, leaving many companies in the lurch.