Kaseya, the IT software provider, has provided its clients with a decryption tool to recover customer data that was locked in a ransomware attack earlier this month.
It has been reported that the global technology firm stated it has been assisting its customers with the restoration of their encrypted data in partnership with cybersecurity company Emsisoft. It has been issuing a mysterious “decryptor” tool enabling customers to access data that had been locked by the malware disseminated in the July 2 attack.
The firm stated:
“The decryption tool has proven 100% effective at decrypting files that were fully encrypted in the attack.”
However, the company has denied paying the $70 million in Bitcoin to the Russian hacker group, REvil, which took responsibility for the attack. Kaseya did not disclose how it came across the decryption software either, stating only that has not paid any ransom to get it. Kaseya confirmed that, after consultation with experts, it decided not to negotiate with the criminals who perpetrated the attack.
Kaseya said:
“We are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”
The report said that on July 2, the ransomware hacking group REvil brought the networks of at least 200 US companies to their knees by leveraging an unpatched zero-day vulnerability in Kaseya's IT management and automation software (VSA). The news comes as ransomware is coming under increasing scrutiny from lawmakers.
Likewise, according to a July 9 report, Michele Korver’s appointment to the US Financial Crimes Enforcement Network (FinCEN) promises to reduce illicit financial practices within the crypto space. During her previous tenure at the Department of Justice, she developed cryptocurrency seizure and forfeiture policy and legislation. US senators and politicians have come down hard on the cryptocurrency sector, largely blaming the technological phenomenon for the increase in ransomware attacks.
After the Colonial Pipeline and JBS attacks in May and June, there were calls for a crackdown on cryptocurrency in the US Senate after digital assets were dubbed the “ransom payment of choice” for hackers.
Thus, meatpacker JBS paid an $11 million Bitcoin ransom to REvil, while Colonial made a $4.4 million BTC payment to Russia-linked DarkSide.
Source: Cointelegraph | Image: CSO Online