Kaseya is helping nearly 1,500 compromised customers recover their encrypted data after receiving a universal decryption key on Wednesday, 19 days after the devastating REvil ransomware attack.

“We can confirm that Kaseya received the tool from a third party and that teams are actively helping customers affected by the ransomware restore their environments, with no reports of any problems or issues related to the decryptor,” the company wrote in an update on its website. “Kaseya is working with Emsisoft to support our customer loyalty efforts, and Emsisoft has confirmed that the key is effective in unlocking victims.”

The company declined to answer media questions about the third party’s identity, whether a ransom was paid to obtain the key, and whether the decryptor worked in all cases. Two days after the attack, on July 4th, REvil issued the biggest ransom demand ever seen, offering to decrypt all victims of the Kaseya ransomware attack in exchange for $70 million. REvil’s online presence has since disappeared.

[Related: Kaseya Was Warned In April Of Vulnerability Exploited By REvil Gang]

The latest development was first reported on Twitter by Kevin Collier of NBC News on Thursday at 11:29 pm ET. Kaseya said it will provide updates on its remediation efforts with the decryptor as more details become available.

Businesses have become increasingly willing to pay ransoms in recent months, with Colonial Pipeline paying DarkSide $4.3 million in May in hopes of getting its 5,500-mile pipeline back up and running sooner. And meat processing giant JBS paid REvil $11 million to protect the company’s meat plants from further disruption and limit the potential impact on restaurants, grocery stores, and farmers.

The REvil gang launched one of the biggest ransomware heists ever on July 2nd by exploiting a vulnerability in the on-premises version of Kaseya’s VSA remote monitoring and management tool to compromise nearly 60 MSPs, encrypt data and demand ransom payments from up to 1,500 of their end-user customers.

Kaseya said the cyber criminals were able to exploit vulnerabilities in its VSA tool to bypass authentication and execute arbitrary commands. This enabled REvil to leverage the standard functionality of the VSA product to deploy ransomware on customer endpoints.

The cyber attack left more than 36,000 MSPs without access to Kaseya’s flagship VSA product for almost 10 days while the company worked on a patch for the on-premises version of VSA and kept the more popular SaaS version of VSA offline. Third-party engineers and consultants, as well as in-house IT staff, recommended adding further layers of protection to guard VSA against unforeseen problems.

“The fact that we had to turn VSA off is very disappointing to me personally,” Kaseya CEO Fred Voccola said in an emotional video posted on Kaseya’s website at 2:45 pm ET on July 8th. “[I’ve let this] company down, [and] our company has let you down. And that won’t go away.”

Former Kaseya software engineers and developers said they had warned Kaseya executives for years about dangerous security flaws in its products, but those concerns were never fully addressed, Bloomberg reported on July 10th. Some employees who flagged Kaseya’s security issues quit in frustration that newer features and products were being given priority over fixing the issues, or were fired, Bloomberg reported.

The biggest security issues at Kaseya included outdated code, weak encryption and passwords in its products, and a general failure to meet basic cybersecurity requirements, including regular patching of its software and servers, according to Bloomberg, which declined to identify the former employees because of their nondisclosure agreements.

A researcher from the Dutch Institute for Vulnerability Disclosure (DIVD) discovered seven vulnerabilities in Kaseya’s VSA product in early April and notified the company of the flaws less than a week later. Eighty-seven days later, REvil exploited a bug reported by DIVD that had still not been fixed.

“We were in a coordinated vulnerability disclosure process with the vendor while this was happening,” DIVD’s Victor Gevers wrote on Twitter. “The CVEs [descriptions of the vulnerabilities] were ready for publication; the patches had been made and prepared for distribution; and we had mapped all online instances to speed up the process.”
