Kaseya, the Florida company that fell victim to a ransomware attack in early July, has now come into possession of a universal key that can decrypt the over-1,000 businesses and public organizations that were affected by the attack, the Associated Press writes.
Dana Liedholm, spokeswoman for Kaseya, didn’t say how the key was obtained or whether a ransom was paid.
The key has the ability to unlock the scrambled data from any victim.
She said it had come from a “trusted third party.” Kaseya, she said, was distributing it to all victims, and the cybersecurity firm Emsisoft said the key worked and it was providing support.
According to the report, there were several reasons why the key may have been released. For one, Kaseya could’ve paid. The government might have done so. Victims could’ve pooled funds. Or the Kremlin could’ve taken the key from the criminals, handing it over via intermediaries.
The report also notes that maybe the person or people truly responsible for the attack were not paid by the gang whose ransomware was used.
Many victims by now have likely rebuilt their networks or restored them from backups. Liedholm called it a mixed bag — she said some victims were in “complete lockdown.” She didn’t know the overall cost of the damage and had no comment as for whether any lawsuits had been filed against Kaseya.
The Kaseya attack was a particularly damaging one because it spread through software used by managed service providers, which administer several customer networks’ software updates and security patches. The perpetrator of the attack was speculated to have been REvil, a Russian-linked criminal syndicate which has since gone dark online.
PYMNTS reported that Kaseya officials knew in April this year about a potential cybersecurity vulnerability. The Wall Street Journal reported that the company was “told of a serious cybersecurity hole in its Kaseya VSA software on April 6.”