Kaseya, the MSP who had faced the zero day attack (CVE-2021-30116) on its VSA product and then escalated into the supply chain attack by releasing fake updates has finally confirmed that they had received the universal Decryptor from a trusted party for free.

“On July 2, at approximately 2 p.m. EST, Kaseya was alerted to a potential attack by internal and external sources. Within an hour, in an abundance of caution, Kaseya immediately shut down access to the software in question. The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached.” reads the announcement.

Ransomware message from REvil
Source: Cybernews

During the initial period of cyber attack the REvil ransomware gang has asked the victims to pay $44,999 worth of bitcoin, However at some point of time, they has increased the deal to $70 million for the Universal Decryptor for decrypting all the REvil ransomware infected devices.

We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.” reads the notification shared publicly.

Interestingly from July 13, the infrastructures and websites handled by REvil gang has mysteriously went offline and unreachable on the other hand, the payment site of the threat actors named “decoder[.]re” had also went offline simultaneously.

Experts think that this mysterious disappearance could be due to the sudden pressure from the government authorities to contain the cyber security threats.

Missed the Kaseya’s Cyber attack stories? Checkout this (link, link, link, link)

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s