BOSTON (AP) – Kaseya, the Florida company whose software was exploited in the devastating ransomware attack over the July 4th weekend, has received a universal key that will decrypt the data of all 1,000+ companies and public organizations that were paralyzed in the global incident.
Kaseya spokeswoman Dana Liedholm would not say on Thursday how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims. Cybersecurity firm Emsisoft confirmed that the key worked and said it was providing support.
Ransomware analysts offered several possible explanations for why the master key that can unlock the encrypted data of all victims of the attack has now emerged. These include: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin stole the key from the criminals and handed it over through intermediaries – or perhaps the main attacker was not paid by the gang whose ransomware was being used.
The Russia-affiliated criminal syndicate that supplied the REvil malware disappeared from the Internet on July 13. This likely robbed whoever carried out the attack of their share, because such partners split the ransom with the syndicates that lease them the ransomware. In the Kaseya attack, the syndicate was believed to have been overwhelmed by more ransom negotiations than it could handle and decided to ask $50 million to $70 million for a master key that would unlock all infections.
Many victims have since rebuilt their networks or restored them from backups.
It is a mixed bag, Liedholm said, because some were “completely blocked”. She had no estimate of the cost of the damage and would not comment on whether there might be any lawsuits against Kaseya. It’s not clear how many victims paid ransom before REvil went dark.
The so-called supply chain attack on Kaseya was the worst ransomware attack to date, because it spread through software that companies known as managed service providers use to manage multiple customer networks and deliver software updates and security patches.
President Joe Biden then called his Russian counterpart, Vladimir Putin, to urge him not to provide a safe haven for cyber criminals whose costly attacks the US government sees as a national security threat. He has threatened to make Russia pay a price for not cracking down, but has not specified what action the US could take.
If the universal decryptor for the Kaseya attack was handed over for free, it wouldn’t be the first time ransomware criminals have done so. It happened after the Conti gang disrupted Ireland’s national health service in May and the Russian embassy in Dublin offered to “help with the investigation”.