Tech Firm Affected by Giant Ransomware Hack Gets Key to Unlock Victims’ Data | Cybercriminality




The software company at the center of a massive ransomware attack this month has obtained a universal key to unlock the files of hundreds of businesses and public organizations crippled by the hack.

Nineteen days after the initial attack on the weekend of July 4, Florida-based IT management vendor Kaseya received the universal key that can unlock the scrambled data of all victims of the attack, thus putting an end to the worst of the fallout.

The so-called supply chain attack on Kaseya has been called the worst ransomware attack to date because it spread through software that companies known as managed service providers use to administer multiple customer networks, providing software updates and security fixes.

It has affected 800 to 2,000 businesses and organizations – including supermarkets in Sweden and schools in New Zealand whose systems have been frozen for days.

News of the key comes after the Russian-linked criminal syndicate that supplied the malware, REvil, disappeared from the internet on July 13.

The group had asked for $50-70 million for a master key that would unlock all infections. It is not known how many victims were able to pay ransoms before REvil disappeared.

Kaseya spokeswoman Dana Liedholm declined on Thursday to comment on how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya distributed it to all victims. Cybersecurity company Emsisoft confirmed that the key is working and is providing support.

Ransomware analysts have offered several possible explanations for why the master key has now emerged. It is possible that Kaseya, a government entity or a collective of victims paid the ransom. The Kremlin in Russia may also have seized the key from the criminals and handed it over through intermediaries, experts said.

Hackers could also have handed over the decryptor for the Kaseya attack without payment – a move that would not be unprecedented for ransomware criminals.

By now, many victims will have rebuilt their networks or restored them from backups. But some, Liedholm said, “have been completely blocked”.

Liedholm had no estimate of the cost of the damage and declined to say whether any legal action had been taken against the company.

Obtaining the key was a major step towards recovery after the hack, but Kaseya would likely be repairing the damage for some time, said Tim Wade, CTO of cybersecurity firm Vectra.

“From a distance, the emergence of a master key may seem more heartwarming than it should,” he said. “The value of speeding up data and service recovery should not be trivialized, but it will not exactly offset the already high cost of these attacks.

“It can have positive results, but as they say, it’s not over until it’s over,” he added.

Joe Biden called his Russian counterpart, Vladimir Putin, after the hack to urge him to stop providing safe haven to cybercriminals whose costly attacks the US government sees as a threat to national security. He threatened to make Russia pay the price for its failure to crack down, but did not say what action the United States might take.
