"Kaseya Obtains Universal Decryptor for REvil Ransomware"

Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2. The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator (VSA) platform, affected Kaseya customers in 22 countries using the on-premises version of the platform, many of which are managed service providers (MSPs) who use VSA to manage the networks of other businesses. In addition to the 60 direct customers, around 1,500 downstream customers of those MSPs were also affected. The VSA software is used by Kaseya customers to monitor and manage software and network infrastructure remotely. Late on Thursday afternoon, the vendor announced via its rolling advisory on the incident that it had obtained the decryptor “through a third party.” It is unclear if the ransom of $50 million was paid to receive the decryptor. Kaseya is working with Emsisoft, and Emsisoft has confirmed the key is effective at unlocking victims. Kaseya stated that their representatives will contact customers who the ransomware has impacted. Even though the master decryption key has been acquired, researchers warn that the attack should not be considered over. For one thing, REvil is known for its double-extortion attacks, where company data is stolen in addition to being hit with ransomware. The researcher stated that the group may still have copies of data stolen from victims, and the group could use this data to extort victims or auction off the data, as it has done in the past on its website, Happy Blog.

Threatpost reports: "Kaseya Obtains Universal Decryptor for REvil Ransomware"