Tech & ScienceTop Story

Master key given to ransomware victim Kaseya

ransomware

The software company that was targeted by a Russian ransomware hacker in order to take down major websites has obtained a master key allowing the sites to fix the damage. However, Kaseya has not indicated how it got the key – it could have paid the hackers for it. The Associated Press has the story:

Ransomware victim Kaseya mysteriously obtains key to restore data to hacked websites

BOSTON (AP) — The Florida company whose software was exploited in the devastating Fourth of July weekend ransomware attack, Kaseya, has received a universal key that will decrypt all of the more than 1,000 businesses and public organizations crippled in the global incident.

Kaseya spokeswoman Dana Liedholm would not say Thursday how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims. The cybersecurity firm Emsisoft confirmed that the key worked and was providing support.

FILE – In this July 3, 2021, file photo, a closed Coop supermarket store in the suburb of Vastberga, Stockholm. The Florida company whose software was exploited in the devastating Fourth of July weekend ransomware attack, Kaseya, has received a universal key that will decrypt all of the more than 1,000 businesses and public organizations crippled in the global incident. Kaseya spokeswoman Dana Liedholm would not say Thursday, July 22, how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims. (Jonas Ekstromer/TT via AP, File)

Ransomware analysts offered multiple possible explanations for why the master key, which can unlock the scrambled data of all the attack’s victims, has now appeared. They include: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin seized the key from the criminals and handed it over through intermediaries — or perhaps the attack’s principle protagonist didn’t get paid by the gang whose ransomware was used.

The Russia-linked criminal syndicate that supplied the malware, REvil, disappeared from the internet on July 13. That likely deprived whoever carried out the attack with income because such affiliates split ransoms with the syndicates that lease them the ransomware. In the Kaseya attack, the syndicate was believed overwhelmed by more ransom negotiations than it could manage, and decided to ask $50 million to $70 million for a master key that would unlock all infections.

By now, many victims will have rebuilt their networks or restored them from backups.

It’s a mixed bag, Liedholm said, because some “have been in complete lockdown.” She had no estimate of the cost of the damage and would not comment on whether any lawsuits may have been filed against Kaseya. It is not clear how many victims may have paid ransoms before REvil went dark.

FILE – In this July 3, 2021 file photo, a sign reads: ” Temporarily Closed. We have an IT-disturbance and our systems are not functioning”, posted in the window of a closed Coop supermarket store in Stockholm, Sweden. The Florida company whose software was exploited in the devastating Fourth of July weekend ransomware attack, Kaseya, has received a universal key that will decrypt all of the more than 1,000 businesses and public organizations crippled in the global incident. Kaseya spokeswoman Dana Liedholm would not say Thursday, July 22, how the key was obtained or whether a ransom was paid. She said only that it came from a “trusted third party” and that Kaseya was distributing it to all victims.(Ali Lorestani/TT via AP, File)

The so-called supply-chain attack of Kaseya was the worst ransomware attack to date because it spread through software that companies known as managed service providers use to administer multiple customer networks, delivering software updates and security patches.

President Joe Biden called his Russian counterpart, Vladimir Putin, afterward to press him to stop providing safe haven for cybercriminals whose costly attacks the U.S. government deems a national security threat. He has threatened to make Russia pay a price for failing to crack down. but has not specified what measure the U.S. may take.

If the universal decryptor for the Kaseya attack was turned over without payment, it would not be the first time ransomware criminals have done that. It happened after the Conti gang hobbled Ireland’s national healthcare service in May and the Russian Embassy in Dublin offered “to help with the investigation.”


By FRANK BAJAK

Read more tech & science news

Previous Article
New world of college athletes profiting off their images
Next Article
Can Olympic flame burn away the funk as Tokyo Games open?

How useful was this article?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this article.

Latest News

Menu