date 2021-07

Kaseya, the remote management software vendor at the heart of a ransomware operation that hit as many as 1,500 downstream networks, said it has obtained a decryption tool that successfully restores data encrypted during the July 4 weekend attack.

An affiliate of REvil, one of the most radical ransomware groups on the Internet, exploited a critical zero-day vulnerability in the VSA remote management product of Miami, Florida-based Kaseya. The vulnerability, which Kaseya was days away from patching, allowed the ransomware operators to compromise the networks of about 60 customers. From there, the attackers infected as many as 1,500 networks that relied on those 60 customers for services.

Finally, the universal decryptor

"Yesterday, we obtained a decryption tool from a trusted third party and used it successfully with affected customers," Dana Liedholm, Senior Vice President of Corporate Marketing, wrote in an email Thursday morning. "We are providing technical support for using the decryption tool. We have a team contacting customers, but we do not know the details at this time."

In a private message, Brett Callow, a threat analyst at security firm Emsisoft, said his company is working with Kaseya to support its customer engagement efforts. "We will continue to support Kaseya and its customers, ensuring that the key is effective in unlocking victims," he said.

REvil had demanded as much as $70 million for a universal decryption tool that would restore data for all organizations compromised in the mass attack. Liedholm did not reveal whether Kaseya paid any amount in exchange for the decryption tool. Kaseya has since patched the zero-day used in the attack.

It has not been disclosed, for the time being, whether Kaseya paid the ransom or whether it received the tool free of charge from REvil, law enforcement, or a private security company.

The day after the attack, REvil's site on the dark web suddenly went offline, along with other infrastructure the group used to provide technical support and process payments. The unexplained exit left victims and researchers worried that the data would remain locked forever, since the only people able to decrypt it had disappeared.

Where did it come from?

REvil is one of several ransomware groups believed to operate from Russia or another Eastern European country that was formerly part of the Soviet Union. The group's disappearance came a few days after President Joe Biden warned his Russian counterpart, Vladimir Putin, that the United States could take unilateral action if Russia did not rein in these ransomware groups.

Since then, observers have speculated either that Putin pressured the group to go quiet, or that the group, rattled by all the attention the attack received, decided to do so on its own.

Organizations affected by the attack include the Swedish grocery chain COOP, Virginia Tech, two towns in Maryland, schools in New Zealand, and the international textile company Miroglio Group.

REvil was also behind the devastating attack on JBS, the world's largest meat producer, which forced JBS to temporarily shut down some of its plants.

