Kaseya gets master decryptor to help customers still suffering from REvil attack

Dan Goodin

from Ars Technica - All content on 2021-07-22 20:12 (#5MG7A)

Kaseya-the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks-said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack.

Affiliates of REvil, one of the Internet's most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya's VSA remote management product. The vulnerability-which Kaseya was days away from patching-allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services.

Finally, a universal decryptor

We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers," Dana Liedholm, senior VP of corporate marketing, wrote in an email on Thursday morning. We are providing tech support to use the decryptor. We have a team reaching out to our customers, and I don't have more detail right now."

Read 8 remaining paragraphs | Comments

index?i=9KgyAovmH7Y:uf8zgXQafJI:V_sGLiPB

index?i=9KgyAovmH7Y:uf8zgXQafJI:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/