{"id":46752,"date":"2021-07-27T13:41:25","date_gmt":"2021-07-27T10:41:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=46752"},"modified":"2025-09-01T17:58:07","modified_gmt":"2025-09-01T14:58:07","slug":"kaseya-the-american-software-maker-obtains-decryptor-key-without-paying-ransom","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/kaseya-the-american-software-maker-obtains-decryptor-key-without-paying-ransom\/","title":{"rendered":"Kaseya, the American software maker, obtains decryptor key without paying ransom"},"content":{"rendered":"<p>The American software maker Kaseya has obtained a \u201cuniversal decryptor key\u201d for files affected by the ransomware attack mounted by the hacker group REvil. The company <a href=\\\"https:\/\/www.kaseya.com\/potential-attack-on-kaseya-vsa\/\\\">claims<\/a> that it did not pay the attackers a ransom, and the key was provided to it by a \u201ctrusted third party\u201d.<\/p>\n<p>On July 2, Kaseya&#8217;s experts advised their clients to disconnect the software due to a potential attack, which was subsequently confirmed. Later, on REvil&#8217;s website there appeared <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hackers-breached-thousands-of-companies-and-demanded-a-70-million-ransom-in-bitcoin\">a ransom demand of $70 million in bitcoins<\/a> for decrypting the files of all victims.<\/p>\n<p>On July 22, nineteen days after the initial infection, the company received a decryptor key from a \u201ctrusted third party,\u201d NBC News journalist Kevin Collier said, citing a Kaseya representative. According to him, about 1,500 organizations were affected by the attack.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">News: Kaseya, the patient zero company for REvil&#8217;s 1,500-company 4th of July ransomware spree, finally obtained a REvil decryptor key yesterday. 19 days after it was first infected.<\/p>\n<p>Got it from &#8220;a trusted third party,&#8221; a spox says. 
Company is working to remediate customers now.<\/p>\n<p>\u2014 Kevin Collier (@kevincollier) <a href=\\\"https:\/\/twitter.com\/kevincollier\/status\/1418231803429675008?ref_src=twsrc%5Etfw\\\">July 22, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Emsisoft, a cybersecurity-focused company that collaborates with Kaseya, confirmed the decryptor&#8217;s effectiveness to Collier.<\/p>\n<p>According to a July 26 statement, the software developer, together with Emsisoft, provides decryptors to affected customers upon request. The company stressed that the key \u201cproved 100% effective in decrypting files that had been fully encrypted during the attack.\u201d<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAfter consulting with experts, Kaseya decided not to engage in negotiations with the criminals who carried out this attack [\u2026]. Thus, we can unequivocally confirm that the company did not pay a ransom\u2014either directly or indirectly through third parties\u2014to obtain the decryptor,\u201d the statement reads.<\/p>\n<\/blockquote>\n<p>Collier speculated that American or Russian authorities may have been involved. He also noted that Emsisoft has only an indirect role in decrypting the files, providing clients with the key obtained from Kaseya.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">To be clear, Emsisoft \u2014 the company that built the software that uses this key to clean up victims from that last REvil spree \u2014 did not provide Kaseya with the key. 
It&#8217;s the other way around.<\/p>\n<p>\u2014 Kevin Collier (@kevincollier) <a href=\\\"https:\/\/twitter.com\/kevincollier\/status\/1419717364472500225?ref_src=twsrc%5Etfw\\\">July 26, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Earlier, <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hacker-sites-vanish-from-the-dark-web\">REvil&#8217;s darknet sites abruptly went offline<\/a>. Among the resources that went offline were Happy Blog, used for publishing data about victims, as well as portals for discussing the ransom amount and receiving payments.<\/p>\n<p>This occurred after <a href=\"https:\/\/u1f987.com\/en\/news\/biden-threatens-putin-with-a-retaliatory-strike-over-inaction-on-hackers\">a phone call between the U.S. and Russian presidents<\/a>. Joe Biden urged Vladimir Putin to halt ransomware attacks launched from Russian territory against American companies. Later, Biden answered in the affirmative when asked whether the United States might disconnect the hackers&#8217; servers.<\/p>\n<p>According to <a href=\\\"https:\/\/ransomwhe.re\/\\\">Ransomwhere<\/a>, more than $45 million in cryptocurrency has been sent to addresses associated with the ransomware operators. The REvil group is one of the largest operators of ransomware \u2014 victims sent more than $12 million to its coffers.<\/p>\n<p>As Bloomberg reports, to counter the ransomware threat the Biden administration intends <a href=\"https:\/\/u1f987.com\/en\/news\/bloomberg-us-to-track-crypto-transactions-to-counter-ransomware-attacks\">to track ransoms paid by victims of attacks<\/a>. 
The White House is said to have formed a ransomware task force.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The American software maker Kaseya has obtained a \u201cuniversal decryptor key\u201d for files affected by the ransomware attack carried out by the REvil hacker group. The company says it did not pay the attackers a ransom, and the key was provided to it by a \u201ctrusted third party\u201d.<\/p>\n","protected":false},"author":1,"featured_media":46753,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-46752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"21","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=46752"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46752\/revisions"}],"predecessor-version":[{"id":46754,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/46752\/revisions\/46754"}],"wp:featuredmedia":[{"embeddable":true,"h
ref":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/46753"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=46752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=46752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=46752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}