Kaseya Obtains Master Decryptor To Help Customers Still Suffering From REvil Attack

Close-up of an armored door key.

Kaseya, the remote management software vendor at the center of a ransomware operation that affected up to 1,500 downstream networks, said it has obtained a decryptor that is expected to successfully restore data encrypted in the attack over the July 4th weekend.

Affiliates of REvil, one of the internet’s most vicious ransomware groups, exploited a critical zero-day vulnerability in the VSA remote management product from Kaseya, based in Miami, Florida. The vulnerability, which Kaseya was days away from fixing, allowed the ransomware operators to compromise the networks of around 60 customers. From there, the extortionists infected up to 1,500 networks that depended on those 60 customers for services.

Finally, a universal decryptor

“We obtained the decryptor yesterday from a trusted third party and used it successfully on affected customers,” Dana Liedholm, senior vice president of corporate marketing, wrote Thursday morning. “We provide technical support to use the decryptor. We have a team that contacts our clients, and I don’t have more details at this time.”

In a private message, threat analyst Brett Callow of security firm Emsisoft said, “We are working with Kaseya to support their customer engagement efforts. We have confirmed that the key is effective in unlocking victims and will continue to provide support to Kaseya and its customers.”

REvil had demanded up to $70 million for a universal decryptor that would restore the data of all organizations compromised in the mass attack. Liedholm declined to say whether Kaseya paid any money in exchange for the decryption tool. Kaseya has since patched the zero-day used in the attack.

At this time, it is not publicly known whether Kaseya paid the ransom or received it free of charge from REvil, a law enforcement agency, or a private security company.

In the days following the attack, REvil’s dark web site, along with other infrastructure the group uses to provide technical support and process payments, suddenly went offline. The unexplained exit left victims and researchers worried that the data would remain locked forever, as the only people who could decipher it were gone.

Where did it come from?

REvil is one of many ransomware groups that are believed to operate from Russia or another Eastern European country that was once part of the Soviet Union. The group’s disappearance came days after President Joe Biden warned his Russian counterpart Vladimir Putin that if Russia did not curb these ransomware groups, the United States could take unilateral action against them.

Observers have since speculated that either Putin pressured the group to shut down or the group, shaken by all the attention the attack drew, decided to do so on its own.

Some of the businesses that fell victim to the attack include Swedish grocery chain COOP, Virginia Tech, two towns in Maryland, New Zealand schools and international textile company Miroglio Group.

REvil is also behind a crippling attack on JBS, the world’s largest producer of meat. The breach led JBS to temporarily close some factories.
