Almost three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data.
“On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident,” the company said in a press release. “Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor.”
It isn’t immediately clear whether Kaseya paid any ransom. It is worth noting that REvil affiliates had demanded a ransom of $70 million (an amount that was subsequently lowered to $50 million), but soon after, the ransomware gang mysteriously went off the grid, shutting down their payment sites and data leak portals.
The incident is believed to have infiltrated as many as 1,500 networks that relied on 60 managed service providers (MSPs) for IT maintenance and support, using Kaseya’s VSA remote management product as an ingress point for what has turned out to be one of the “most important cybersecurity event of the year.”
The information technology firm has since released patches for the zero-days that were exploited to gain access to Kaseya VSA on-premise servers, using the foothold to pivot to other machines managed through the VSA software and deploy a version of the REvil ransomware.
The fallout from the attack, waged through a breach in the software supply chain, has raised new concerns about how threat actors are increasingly abusing the trust associated with third-party software to install malware. It also underscores the swift damage caused by ransomware attacks on trusted supply-chain providers, paralyzing hundreds of small and medium-sized businesses and causing havoc at scale with just one exploit.