Kaseya gets master decryptor to help customers still suffering from REvil attack

22/07/2021

Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack.

Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services.

Finally, a universal decryptor

“We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers,” Dana Liedholm, senior VP of corporate marketing, wrote in an email on Thursday morning. “We are providing tech support to use the decryptor. We have a team reaching out to our customers, and I don’t have more detail right now.”

In a private message, threat analyst Brett Callow of security firm Emsisoft said, “We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers.”

REvil had demanded as much as $70 million for a universal decryptor that would restore the data of all organizations compromised in the mass attack. Liedholm declined to say if Kaseya paid any sum in exchange for the decryption tool. Kaseya has since patched the zero-day used in the attack.

For the time being, it’s not publicly known whether Kaseya paid the ransom or received the decryptor for free from REvil, a law enforcement agency, or a private security company.

In the days following the attack, REvil’s site on the dark web, along with other infrastructure the group uses to provide technical support and process payments, suddenly went offline. The unexplained exit left victims and researchers worried that the data would remain locked up forever, since the only people with the ability to decrypt it had vanished.

Where did it come from?

REvil is one of several ransomware groups believed to operate out of Russia or another Eastern European country that was formerly part of the Soviet Union. The group’s disappearance came a few days after President Joe Biden warned his Russian counterpart Vladimir Putin that if Russia didn’t rein in those ransomware groups, the US might take unilateral action against them.

Observers have speculated since then that either Putin pressured the group to go quiet or the group, rattled by all the attention it received from the attack, decided to do so on its own.

Some of the companies victimized by the attack include Swedish grocery store chain COOP, Virginia Tech, two Maryland towns, New Zealand schools, and international textile company Miroglio Group.

REvil is also behind a crippling attack on JBS, the world’s biggest producer of meat. The breach caused JBS to temporarily close some plants.
