News July 23, 2021
Decryption Key Obtained in Massive Cyberattack
The assault, launched by a criminal gang of hackers, affected more than 1,000 businesses and public organizations.
The more than 1,000 businesses and public organizations whose computer systems were crippled in a devastating cyberattack are receiving a decryption key that will allow them to get their networks operational again, reports indicate.
Digital criminals believed to be from REvil, a ransomware gang reportedly based in Russia/Eastern Europe, launched the attack on Kaseya, a Miami-headquartered IT management software firm that specializes in cybersecurity.
The attack, which began Friday, July 2, directly impacted about 50 of Kaseya’s customers. However, many more companies and other entities were affected because Kaseya’s clients provide information technology services to those businesses. “The attack locked up computers at schools in New Zealand and locked up cash registers at Coop, a Swedish grocery store chain that was forced to shut some outlets,” The Wall Street Journal reported.
As of Thursday, July 22, Kaseya was reporting that it had received a decryption key that will knock out the malware that was affecting computers at organizations around the world, including the U.S.
Kaseya wouldn’t say if it paid the estimated $50 million to $70 million ransom the hackers were asking for in order to hand over the key, nor would the Florida firm reveal how it obtained the key, noting only that it was obtained through a “third party.”
Updates Regarding VSA Security Incident
July 19, 2021 - 3:15 PM EDT
Kaseya is releasing patch 9.5.7.3011 which remediates functionality issues caused by the enhanced security measures put in place and provides bug fixes (this is not a security release). https://t.co/iqFlNJ67jt
— Kaseya Corp (@KaseyaCorp) July 20, 2021
In a statement, Kaseya said it had “teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.”
Ransomware analysts speculated that Kaseya may have obtained the key by any number of means, from having paid the ransom itself to a government having paid the ransom on the company’s behalf, CNBC reported. It’s also possible that victims pooled funds to pay the hefty extortion, or even that the Russian government seized the key from the hackers and gave it to intermediaries that ultimately supplied it to Kaseya.
Love this incredibly helpful and informative piece by @TheresaHegel, on such a critical topic these days. @jnnorris @daledenham @Collab_Seth
"How to Handle a Ransomware Attack in Progress" https://t.co/al8XDFWxLr
— Michele Bell (@ASI_MBell) June 30, 2021
In a twist, REvil vanished from the internet on July 13. “That likely deprived whoever carried out the attack of income because such affiliates split ransoms with the syndicates that lease them the ransomware,” CNBC reported.
According to reports, some of the companies/organizations affected by the attack may have already rebuilt or restored their networks. Others, according to Kaseya, remained in what a spokesperson said was “complete lockdown” weeks after the attack.
“We remain committed to ensuring the highest levels of safety for our customers and will continue to update here as more details become available,” Kaseya said in a statement.
The Kaseya attack is yet another indicator that cyber assaults are rising in both frequency and severity. Promotional products firms must take such threats seriously or risk the potential devastation of their businesses, as ASI has reported here.
Are you taking the cyber threats and con attempts aimed at your #promproducts business seriously? If not, you're risking a lot: https://t.co/FQgW9soGM5 @Tim_Andrews_ASI @ASI_MBell @asicentral
— Chris Ruvo (@ChrisR_ASI) June 22, 2021