Kaseya Obtained a Working Decryptor For REvil Ransomware

Days after facing the devastating ransomware attack with a domino effect, Kaseya has finally found the solution. As the firm announced recently, Kaseya got a working decryptor for the REvil ransomware.

REvil Ransomware Decryptor

Kaseya has recently confirmed to have obtained a decryptor for the REvil ransomware that attacked its network in early July.

The attackers not only targeted Kaseya during the attack but also exploited zero-day to target Kaseya customers. Consequently, numerous big and small businesses faced data encryption in the incident. The attackers even demanded ransom from the businesses apart from demanding a whopping $70 million to provide a universal decryptor.

After the incident, Kaseya started to fix the bugs in the VSA server that triggered the attack. Until then, it had asked all customers to halt using the culprit VSA server.

That didn’t help much since the attackers still had ample time to target customers before they could shut down VSA servers. And so, thousands of businesses suffered the impact.

It was difficult for businesses to recover their data, particularly after the REvil gang went offline.

Nonetheless, Kaseya has finally got the universal decryptor, according to its recent update. As stated,

We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor.

The firm further confirmed that they collaborated with Emsisoft to facilitate customers, who also confirmed the validity of the decryptor. Hence, now, all Kaseya customers who suffered the blow can finally retrieve their data.

…But, There’s A Catch

While Kaseya has offered the decryptor to all the customers who suffered the ransomware attack for free, there’s a twist. According to a CNN report, the company has asked customers to sign NDAs (non-disclosure agreements).

Though it isn’t unusual otherwise, it certainly is in this case because it might make it difficult to deduce the exact happenings of the incident and the aftermath. Also, what’s weird is that Kaseya has officially remained tight-lipped in this regard.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients