23 July 2021

Kaseya obtains a decryptor for victims of the REvil ransomware attack


Kaseya, the US-based software vendor that suffered a REvil ransomware attack at the beginning of July, said it has received a universal decryptor that allows victims of the attack to recover their files for free.

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims,” the company said in a statement on its website.

On July 2, the REvil gang launched a massive ransomware attack on Kaseya, exploiting a number of zero-day vulnerabilities (since patched) in the company’s Virtual System Administrator (VSA) remote management tool to gain access to machines managed through the VSA software and deploy a version of the REvil ransomware. The attack affected as many as 1,500 networks that relied on 60 managed service providers (MSPs) that used the VSA product for IT maintenance and support.

Initially, the REvil gang demanded a ransom of $70 million for a universal decryptor to recover the encrypted files, but later the amount was lowered to $50 million. Kaseya did not disclose if it paid any ransom.

On July 13, REvil's public website and a payment website suddenly went offline, prompting speculation that the group may have been targeted by authorities.
