The company released patches to fix the vulnerabilities that were exploited in the most recent large-scale cyberattack

Jul 26, 2021 16:02 GMT

The software vendor Kaseya said on Thursday that it has obtained a universal decryptor for unlocking systems and helping clients to recover data, according to The Hacker News. This happened almost three weeks after the broad-based supply chain ransomware attack on the company. 

It is unclear at this time whether Kaseya paid the ransom right away. It should be recalled that REvil cybercriminal partners asked for a $70 million ransom. This amount was subsequently lowered to $50 million, but the gang then abruptly and mysteriously disappeared from the Internet and shut down payment sites along with data-leaking portals soon thereafter.

In all, 1500 networks were believed to have been compromised, with Kaseya's VSA remote management software serving as the entry point for what has proved to be one of the biggest cyber security events of the year, one that involved 60 managed service providers (MSPs). The cyberattacks have crippled hundreds of small and medium organizations and wreaked widespread havoc in the financial sector.

The impact of the attack on trusted vendors has raised new questions about how cybercriminals are increasingly abusing trust in third-party software to install malware. The aftermath of the cyberattack also demonstrated how quickly ransomware attacks can wreak havoc on trusted providers.

Kaseya issued updates to address the vulnerabilities used in the most recent large-scale cyberattack 

To prevent unauthorized access to Kaseya VSA onsite servers, the company now provides patches for the zero-day flaws. The vulnerabilities allowed cybercriminals to pivot to other PCs using VSA software and spread a version of the REvil ransomware.

The company’s statement reads: "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the incident," [...] "Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor."