Almost three weeks after Florida-based software publisher Kaseya was hit by a widespread supply-chain ransomware attack, the company said Thursday that it has obtained a universal decryptor to unlock systems and help customers recover their data.
“On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we are working to remedy the customers affected by the incident,” the company noted in a report. “Kaseya obtained the tool from a third party and has teams actively helping customers affected by the ransomware restore their environments, with no reports of any issues or issues associated with the decryptor.”
It is not immediately clear whether Kaseya paid a ransom. It should be noted that REvil affiliates had demanded a ransom of $70 million, an amount that was later lowered to $50 million, but shortly thereafter the ransomware gang mysteriously went off the grid, shutting down its payment sites and data leak portals.
The attack reportedly infiltrated up to 1,500 networks that depended on 60 managed service providers (MSPs) for maintenance and IT support, using Kaseya’s VSA remote management product as an entry point for what turned out to be one of the “most important cybersecurity event of the year.”
Kaseya has since released fixes for the zero-days that were exploited to access Kaseya VSA on-premises servers. The attackers used that foothold to pivot to other machines managed through the VSA software and deploy a version of the REvil ransomware.
The fallout from the attack, carried out through a breach in the software supply chain, has raised new concerns about how threat actors are increasingly abusing the trust associated with third-party software to install malware, not to mention the rapid damage caused by ransomware attacks on trusted supply chain providers, which can cripple hundreds of small and medium businesses and wreak havoc on a large scale with a single exploit.