Kaseya ransomware attack: IT firm obtains decryptor tool from ‘trusted third party’ nearly 20 days after hack
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments,” the company said in a statement.
Kaseya Corporation, a US-based IT firm that was recently the victim of a massive ransomware attack, said that it had acquired a third-party tool to unlock the networks affected by the hack. The company also said that it is helping customers hit by the ransomware to restore their operations.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments,” news agency AFP reported, citing a statement released by Kaseya Corporation earlier on Thursday. “Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims,” it further said.
However, the company did not name the “third party” from which it obtained the tool to decrypt the hacked data. According to Kevin Collier, a reporter with NBC News, a company spokesperson confirmed that Kaseya got the decryption tool from a “trusted third party”. In a tweet about the news, Collier further suggested that there were three ways in which Kaseya could have obtained the key: the US government obtained it via diplomatic channels with Russia; Russia asked REvil, the ransomware group behind the attack, to turn over the decryptor; or Kaseya paid the ransom and obtained the key. Emsisoft, a company offering cybersecurity solutions, is also involved along with Kaseya in restoring services for their customers, Collier further said.
Earlier, on July 2, Kaseya had shut down its servers after a ransomware attack by the notorious REvil gang, based in Russia, affected several of its customers, including a few high-profile ones such as Coop, a Swedish supermarket chain. In a ransomware attack, the hacker encrypts the victim's data and demands a ransom for restoring it.
Following the attack, the hackers demanded $70 million in Bitcoin from Kaseya as ransom. The company then released a statement on July 6, saying that the attack had only limited impact. “The attack had limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached,” the statement said. Despite this, several cybersecurity companies and experts expressed doubts about the claim of limited impact, suggesting it could take more time to gauge the complete impact of the attack. Meanwhile, Coop had said earlier that it had closed several of its stores because the attack had crippled its cash registers. It also said that alternate payment methods were being used in stores that remained open.
(With agency inputs)