Kaseya, a Florida company whose software was exploited during the catastrophic Fourth of July weekend ransomware attacks, has been issued a universal key that will allow it to decrypt the data of all of the more than 1,000 public and private organizations that were affected by the global incident.
Dana Liedholm, a Kaseya spokeswoman, would not reveal on Thursday any details about how the key was obtained or whether any ransom was paid. She stated that the key was obtained from a trusted third party and that Kaseya would distribute it to all victims.
Ransomware analysts have offered several possible explanations as to why the master key that unlocks the scrambled data for all victims of the attack has appeared. These include Kaseya paying; a government paying; a group of victims pooling their money; the Kremlin taking the key from the criminals and handing it over through intermediaries; or perhaps the main attacker wasn’t paid by the ransomware.
REvil, a Russian-linked criminal syndicate, was taken off the internet on July 13. This likely meant that the attacker was not able to make any income, as the syndicate’s affiliates disappeared from the internet on the same day. In the Kaseya attack, the syndicate was overwhelmed by ransom negotiations and decided to pay $50 million to $70 million for a master key to unlock all infections.
Many victims will have either rebuilt or restored their networks from backups by now.
Liedholm stated that it’s a mixed bag because some victims are “in complete lockdown”. She did not have an estimate of the damages and could not comment on whether Kaseya has been sued. It’s not known how many victims paid ransoms before REvil went dark.
The so-called supply chain attack on Kaseya was one of the most severe ransomware attacks to date because it was spread via software companies called managed service providers, through which security patches and software updates are delivered to multiple customers.
Afterward, President Joe Biden called Vladimir Putin to demand that he stop providing safe haven to cybercriminals who are launching costly attacks on U.S. national security. While he threatened to take action against Russia if it fails to do so, he has not yet specified the measures the U.S. may take.
If the universal decryptor used in the Kaseya attack was turned over without payment, it would not be the first time that ransomware criminals had done so. It happened after the Conti gang hampered Ireland’s national healthcare service in May. The Russian Embassy in Dublin offered to assist with the investigation.