Written by Tonya Riley
About three weeks after the Russian ransomware group REvil attacked Kaseya, the Florida-based IT company received a working decryption key to unlock encrypted files from hundreds of victims, a CyberScoop spokesman confirmed on Thursday.
Dana Liedholm, the company’s senior vice president of marketing, declined to comment on the source of the key, except that it was from a “trusted third party.” She also declined to comment when asked if the company paid to get the key or if it would take a long time to fix all of the clients affected by the attack.
The news was reported first by Kevin Collier of NBC.
Kaseya appreciated the number of companies affected is between 800 and 1,500. Private cybersecurity firms have suggested a higher number as Huntress Labs estimates the number of victims to be closer than 2,000. Sophos Labs identified 145 victims in the United States, including local and state agencies, governments, and small and medium-sized businesses.
Hackers exploited a Kaseya platform used by managed service providers or companies that provide third-party IT services to other organizations. With these companies having administrative privileges on their customers, the number of victims quickly increased beyond Kaseya and its direct customers.
Among the victims are New Zealand schools, the international textile company Miroglio Group, the Swedish food chain COOP and two Maryland cities.
The attack that took place shortly before On the weekend of July 4th, tensions flared up between Washington and Russia, which is suspected of harboring cyber criminals. Russia has denied any involvement in the incident.
Shortly after Kaseya requested a $ 70 million ransom, the group’s online presence went dark. Both the US and Russia deny any knowledge of why the group went offline.
Kaseya released a series of patches on Monday to address the vulnerability that hackers exploited to exploit its software.
#Kaseya #Receives #Decryption #Keys #Victims #Massive #Ransomware #Attack #CyberScoop