Software company Kaseya obtains master key to unlock ransomware-affected networks
BOSTON — Kaseya, the Florida company whose software was exploited in the devastating July 4 weekend ransomware attack, has received a universal key that will decrypt the data of all of the more than 1,000 businesses and public organizations crippled by the global incident.
Kaseya’s spokeswoman, Dana Liedholm, would not say Thursday how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya is distributing it to all victims. Cybersecurity firm Emsisoft has confirmed that the key works and is providing support.
Ransomware analysts have offered several possible explanations as to why the master key, which can unlock the scrambled data of all attack victims, has now surfaced. They include: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin seized the key from the criminals and handed it over through intermediaries – or perhaps the main protagonist of the attack was not paid by the gang whose ransomware was used.
The Russian-linked criminal syndicate that provided the malware, REvil, disappeared from the internet on July 13. This likely deprived whoever carried out the attack of revenue, because such affiliates share the ransoms with the syndicates that rent the ransomware to them. During the Kaseya attack, the syndicate was believed to be overwhelmed with more ransom negotiations than it could handle, and decided to demand $50–70 million for a master key that would unlock all infections.
By now, many victims will have rebuilt their networks or restored them from backups.
It’s a mixed bag, Liedholm said, as some “got completely blocked.” She had no estimate of the cost of damages and would not say whether any lawsuits could have been filed against Kaseya. It is unknown how many victims were able to pay ransoms before REvil died out.
The so-called Kaseya supply chain attack was the worst ransomware attack to date, as it spread through software that companies known as managed service providers use to administer multiple customer networks, providing software updates and security patches.
President Joe Biden then called his Russian counterpart, Vladimir Putin, to urge him to stop providing a safe haven for cybercriminals whose costly attacks the US government considers a threat to national security. He threatened to make Russia pay the price for its failure to suppress them, but did not specify what action the United States might take.
If the universal decryptor of the Kaseya attack was handed over without payment, it wouldn’t be the first time that ransomware criminals have done so. A previous handover came after the Conti gang obstructed Ireland’s National Health Service in May and the Russian Embassy in Dublin offered to ‘help with the investigation’.