Software company’s unveiling of decryption key comes too late for many victims of devastating ransomware attack
July 23, 2021 – Article posted on CNN
On Thursday, Kaseya announced that it had obtained a decryption key to help unlock any of its customers’ systems that were victimized by ransomware, but for many it was too little, too late. For the organizations whose systems were still offline three weeks after the attack, the newfound availability of a decryptor tool offered a sign of hope. For many others that had already recovered without Kaseya’s help, either by paying off the REvil ransomware gang weeks ago or by painstakingly restoring from backups, the announcement was no help. It also opens a new chapter of scrutiny for Kaseya as it declines to answer questions about how it obtained the key and whether it paid the $70 million ransom demand or another amount.
Cybersecurity experts have been left guessing as to how Kaseya acquired this decryptor and what exactly transpired. Multiple experts agreed that the theories largely fall into a few main buckets. It is technically possible, but unlikely, that Kaseya or one of its partners managed to reverse-engineer the tool from the ransomware, said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security. Groups like REvil tend not to leave vulnerabilities in their code that can be exploited, he added.
A more plausible theory, he said, is that Kaseya received help from law enforcement officials. If REvil’s disappearance was in fact the result of a government-led operation, the authorities may have seized a decryptor they could use to help Kaseya, several cybersecurity experts said.