Kaseya, victim of ransomware, obtains master key to unlock networks


BOSTON (AP) – Kaseya, the Florida company whose software was exploited in the devastating July 4 weekend ransomware attack, has been given a universal key that will decrypt the data of all of the more than 1,000 businesses and public organizations paralyzed in the global incident.

Kaseya spokeswoman Dana Liedholm declined on Thursday to say how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims. Cybersecurity company Emsisoft confirmed that the key works and is providing support.

Ransomware analysts have offered several possible explanations for why the master key, which can unlock the scrambled data of all victims of the attack, has now emerged. They include: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin seized the key from the criminals and handed it over through middlemen – or perhaps the main protagonist of the attack was not paid by the gang whose ransomware was used.

The Russian-linked criminal syndicate that supplied the malware, REvil, disappeared from the internet on July 13. This likely deprived whoever carried out the attack of revenue, as such affiliates share ransoms with the syndicates that rent them the ransomware. In the Kaseya attack, the syndicate was believed to have been overwhelmed by more ransom negotiations than it could handle, and decided to ask for $50-70 million for a master key that would unlock all infections.

By now, many victims will have rebuilt their networks or restored them from backups.

It’s a mixed bag, Liedholm said, as some “have been completely stranded”. She had no estimate of the cost of the damage and declined to say whether any legal action had been taken against Kaseya. It is not known how many victims were able to pay ransoms before REvil went extinct.

The so-called supply chain attack on Kaseya was the worst ransomware attack yet, as it spread through software that companies known as managed service providers use to administer multiple customer networks, providing software updates and security fixes.

President Joe Biden then called his Russian counterpart, Vladimir Putin, to urge him to stop providing safe haven to cybercriminals whose costly attacks the US government considers a threat to national security. He threatened to make Russia pay the price for its failure to crack down, but did not say what action the United States might take.

If the universal decryptor for the Kaseya attack was handed over without payment, it wouldn’t be the first time ransomware criminals have done so. That happened after the Conti gang hampered Ireland’s National Health Service in May and the Russian Embassy in Dublin offered to “help with the investigation.”

