Kaseya, the tech firm hit by the ransomware, gets the key to unlock it.


Kaseya, the Miami-based company hit by a ransomware attack on hundreds of businesses over the July 4 holiday weekend, said Thursday that it had received a key to help customers unlock access to their data and networks.

The mystery is how the company got the key. Kaseya said it was only on Wednesday that it received the key from a “third party” and that the key was “effective in unlocking victims.”

This development is among the latest mysteries surrounding the Kaseya attack, in which a Russia-based ransomware group named REvil, short for Ransomware Evil, breached Kaseya and used it to extort hundreds of Kaseya customers, including grocery and pharmacy chains in Sweden and two towns in Maryland, Leonardtown and North Beach.

The attack prompted emergency meetings at the White House and prompted President Biden to call Russian President Vladimir Putin and demand that he address the ransomware attacks originating from within Russia's borders.

Within days of the call, REvil went dark. REvil’s “Happy Blog,” where REvil published emails and files stolen from ransomware victims, was gone. Its payment platform was gone. Its most notorious members suddenly disappeared from cybercrime forums.

It is unclear whether REvil disabled itself of its own accord or at the behest of the Kremlin, or whether hackers at the Pentagon’s Cyber Command played any role. However, it was a loss for Kaseya’s victims, who were still in the process of negotiating to get their data back when the hijackers suddenly disappeared.

It was a pleasant surprise when Kaseya announced that it had found the key. Often when ransomware groups hand over decryption tools to victims who meet extortion demands, the tools are slow or ineffective. But in this case, Brett Callow, a threat researcher at Emsisoft, a security firm working with Kaseya, confirmed that the decryptor was “effective.”

Jose Maria Leon Cabrera and Julie Turkewitz contributed reporting.

