Kaseya Ltd. said it has obtained a decryptor for victims of a July 2 ransomware attack that affected as many as 1,500 companies.
In an update on its website, the Miami-based company said it received the decryptor from a third party and has “teams actively helping customers affected by the ransomware to restore their environments.”
Kaseya didn’t identify the third party who provided the decryptor. It also wasn’t clear if the company paid the hackers a ransom.
“We obtained the encryptor from a trusted third party,” Dana Liedholm, Kaseya senior vice president for corporate marketing, said in an email. “It’s working well.”
Brett Callow, a threat analyst at the New Zealand-based cybersecurity firm Emsisoft, said the company is “working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims.”
A Russia-linked ransomware group called REvil has claimed credit for the attack and initially demanded $70 million for a universal decryptor to unlock computers infected with its malware.
The group’s dark web pages, where it has previously posted details of its attacks, vanished more than a week ago. It remains unclear if the group voluntarily took down the pages, perhaps to rebrand, or if the pages were removed by authorities in the U.S., Russia or elsewhere. A few days earlier, President Joe Biden had pressed his Russian counterpart, Vladimir Putin, to act against ransomware attackers in his country.
Kaseya provides software to managed service providers, who in turn offer information technology and cybersecurity services to small- and medium-sized businesses. The hackers exploited multiple previously unknown vulnerabilities in Kaseya IT management software.
By infecting Kaseya’s software, the hackers were able to invade others further down the supply chain.