Universal decryptor now available for REvil ransomware
It is now almost three weeks since the gigantic ransomware attack that exploited a vulnerability in Kaseya VSA remote management software. The attack affected millions of devices and the group behind it, REvil, had been demanding a $70 million ransom.
There had been great concern about the fallout from the attack due to the apparent disappearance of REvil, which made it impossible for anyone willing to pay the ransom to do so. Now a universal decryption key has been obtained from a "trusted third party", giving victims the chance to regain access to their data without the need to part with any money.
Kaseya said that it came into possession of the decryptor earlier this week and then subjected it to testing. Happy that the tool does its job as expected, the company is now in the process of distributing it to affected customers, but it is staying tight-lipped about where the decryptor came from.
In a statement given to Bleeping Computer, Kaseya's senior vice president of corporate marketing, Dana Liedholm, said:
We can confirm we obtained a decryptor from a trusted third party but can’t share any more about the source. We had the tool validated by an additional third party and have begun releasing it to our customers affected.
The source of the decryptor is not all that Kaseya is keeping quiet about; the company says that it "can't confirm or deny" whether it paid a ransom to the perpetrators. But while Kaseya is saying nothing about where the decryptor came from, NBC reporter Kevin Collier is among those speculating about the source:
Security firm Emsisoft has been working with Kaseya, and has separately confirmed the efficacy of the decryptor.