Kaseya denies ransomware payment as it hails ‘100% effective’ decryption tool
Kaseya has denied rumors that it paid a ransom to the REvil cybercrime gang as it continues to roll out a decryptor to victims of a recent ransomware attack.
The software supply chain attack, which began on July 2, is believed to have affected up to 1,500 organizations via the hack of IT management platform Kaseya VSA.
Kaseya revealed on July 22 that it had obtained a decryption tool from a “third party” and was trying to restore the environments of impacted organizations with assistance from anti-malware experts Emsisoft.
The update sparked speculation regarding the identity of the unnamed third party, with Allan Liska of Recorded Future’s CSIRT team positing a disgruntled REvil affiliate, the Russian government, or that Kaseya itself had paid the ransom.
The theory that the universal decryptor key became available because of law enforcement action was strengthened on July 13 when the dark web domains connected with REvil abruptly went offline.
However, some experts also said it was likely that this was a prelude to REvil, whose other notable scalps include Travelex and meat supplier JBS, rebranding itself in a bid to dodge law enforcement.
The cybercrime outfit was believed to have initially demanded a payment of $70 million from Kaseya, before lowering the price to $50 million.
Kaseya, which has reportedly granted organizations access to the decryptor contingent on signing a non-disclosure agreement, addressed rumors that it had paid a ransom in a statement yesterday (July 26):
Recent reports have suggested our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal. While each company must make its decision on whether to cover the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. Therefore, we’re confirming in no uncertain terms that Kaseya didn’t pay a ransom – either directly or indirectly through an alternative party – to acquire the decryptor.
Kaseya stated that “the decryption tool has proven 100% effective at decrypting files that were fully encrypted in the attack”.
It added: “We continue to supply the decryptor to customers that request it, and we encourage all our customers whose data may have been encrypted throughout the attack to reach out to your contacts at Kaseya”.
The other day, meanwhile, security researchers from the group that unearthed the zero-day Kaseya vulnerabilities exploited by REvil disclosed a trio of additional zero-day flaws in another Kaseya product.
The Dutch Institute for Vulnerability Disclosure (DIVD) advised users of cloud-based Kaseya Unitrends, which can be acquired as an add-on for Kaseya VSA, not to expose the service to the internet until a patch was released.
Also a week ago, Huntress Labs released an article speculating on why the compromise of 60 upstream managed service provider customers via a fake software update hadn’t had even more calamitous consequences.
Dismissing the suggestion that Kaseya’s system shutdown was the principal reason, security researcher John Hammond pondered, among other potential reasons, whether threat actors had learned “from previous incidents (like Colonial Pipeline) that a bigger impact might invite government intervention?”