Kaseya, the US-based software vendor that suffered a REvil ransomware attack at the beginning of July, said it has received a universal decryptor that allows victims of the attack to recover their files for free.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims,” the company said in a statement on its website.
On July 2, the REvil gang launched a massive ransomware attack on Kaseya in which the hackers exploited a number of zero-day vulnerabilities (since patched) in the company’s Virtual System Administrator (VSA) remote management tool to gain access to machines managed through the VSA software and deploy a version of the REvil ransomware. The attack affected as many as 1,500 networks that relied on 60 managed service providers (MSPs) that used the VSA product for IT maintenance and support.
Initially, the REvil gang demanded a ransom of $70 million for a universal decryptor to recover the encrypted files, but later the amount was lowered to $50 million. Kaseya did not disclose if it paid any ransom.
On July 13, REvil's public website and a payment website suddenly went offline, prompting speculation that the group may have been targeted by authorities.