BREAKING – Kaseya received the decryption key for the massive ransomware attack earlier this month, but the company won’t say how, other than that it came from a “trusted third party.”
The provider of IT management software announced a supply chain attack on July 2, which put approximately 60 of its managed service provider (MSP) customers and up to 1,500 of those MSPs’ customers at risk. The ransomware gang REvil exploited zero-day vulnerabilities in VSA, Kaseya’s endpoint management and network monitoring product, and used these exploits to send malicious updates that facilitated the massive ransomware attack.
NBC News reporter Kevin Collier tweeted Thursday that Kaseya had received the decryption key “from a trusted third party” the day before – 19 days after the first attack – and was working with customers.
A Kaseya spokesperson confirmed in an email to SearchSecurity that Kaseya had received the key from an unnamed third party and that “we worked with our customers immediately after validation”. The spokesperson declined to answer questions about whether the key was obtained through a ransom payment by Kaseya or by a third party acting on its behalf, or whether the company was allowed to provide additional information about the third party; the spokesperson cited “confidentiality reasons”.
REvil had originally demanded a $70 million ransom for a single universal decryptor for all affected victims.
After the attack, Kaseya struggled to get VSA back online. Partly due to the recovery process and partly to increase the security of the product prior to the relaunch, the vendor missed the scheduled redeployment window of July 7 and finally re-released VSA on July 11, along with on-premises and SaaS patches. Fred Voccola called the delay “probably the hardest decision I had to make in my career”.
A full history of the updates is available on Kaseya’s attack information page.
Reporting in progress – full story to follow.
Alexander Culafi is a writer, journalist and podcaster from Boston.