Kaseya Ransomware Saga Mysteriously Comes to an End
Kaseya, the cloud software vendor at the heart of a massive ransomware attack on hundreds of businesses, announced this week that it had some good news: somehow, it had come into possession of a “universal decryptor” capable of unlocking all of the data affected by the recent hack.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” the company said in a statement released Thursday.
The question remains, however: where did that decryptor come from?
To recap, the company was hit with ransomware over the July 4 weekend, and the Russian-speaking cybercriminal gang REvil subsequently claimed responsibility. The attack infected not just Kaseya but its customer base, which in turn infected those customers’ own clients, ultimately affecting some 1,500 businesses worldwide.
REvil then demanded $70 million in exchange for a universal decryption key that would unlock all of the victims’ data.
But in a surprising twist, the gang proceeded to disappear from the internet. Less than two weeks after REvil made its ransom demand, nearly all traces of the group vanished from the web, including its leak site and payment portal.
Now, somehow, Kaseya says it has managed to get hold of that universal decryption key, though it hasn’t explicitly said how that happened.
When asked by Gizmodo where the key came from, a Kaseya spokesperson reiterated only that it had come from “a trusted third party.” When asked whether the company paid for the key, the spokesperson said the company couldn’t “comment to your question around payment.”
Even if the company had paid the enormous ransom, it’s not entirely clear how or when an exchange would have taken place, since REvil has since “gone dark.” Still, there are a couple of theories floating around as to what might have happened.
Some experts have wondered whether the Russian government “might have seized the key from the criminals and handed it over through intermediaries,” The Guardian writes. This seems plausible, given that the Kaseya incident stirred up significant political tensions between the White House and the Kremlin. President Joe Biden reportedly had a curt conversation with Vladimir Putin not long after the Kaseya attack, in which he asked the Russian leader to essentially take responsibility for the cybercriminals operating within his country’s borders.
Another hypothetical scenario is that Kaseya actually paid the ransom fairly early in the extortion process, exchanging the money for the key. That might also explain why REvil has since disappeared: if the gang achieved what it set out to do, why not take the money and run?
All in all, it’s another somewhat mysterious resolution to a large-scale ransomware attack, a pattern that seems to be increasingly common. A similarly vague climax occurred in early June, when the FBI announced that it had somehow managed to track and seize a majority of the ransom payment made to the gang DarkSide after its attack on Colonial Pipeline. The feds never disclosed their methods and, much like the situation involving REvil, DarkSide proceeded to “go dark” around the same time that the FBI seized its money.