Universal decryptor now available for REvil ransomware

REvil ransomware

It is now almost three weeks since the gigantic ransomware attack that exploited a vulnerability in Kaseya VSA remote management software. The attack affected millions of devices and the group behind it, REvil, had been demanding a $70 million ransom.

There had been great concern about the fall out from the attack due to the apparent disappearance of REvil which made it impossible for anyone willing to pay the ransom to do so. Now a universal decryption key has been obtained from a "trusted third party", giving victims the chance to regain access to their data without the need to part with any money.

See also:

Advertisement

Kaseya said that it came into possession of the decryptor earlier this week and then subjected it to testing. Happy that the tool does its job as expect, the company is now in the process of distributing it to affected customers, but it is staying tight-lipped about where the decryptor came from.

In a statement given to Bleeping Computer, Kaseya's senior vice president of corporate marketing, Dana Liedholm, said:

We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source. We had the tool validated by an additional third party and have begun releasing it to our customers affected.

The source of the decryptor is not all that Kaseya is keeping quiet about; the company says that it "can't confirm or deny" whether it paid a ransom to the perpetrators. But while Kaseya is saying nothing about where the decryptor came from, NBC reporter Kevin Collier is among those speculating about the source:

Security firms Emisoft has been working with Kaseya, and has separately confirmed the efficacy of the decryptor.

Image credit: tanpanamanoob / Shutterstock

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.