Categories: CyberCrimeSecurity

Kaseya Obtains Universal Decryptor After REvil Attack

A decryption tool has been made available to the hundreds of companies affected by REvil’s hack of US software company Kaseya earlier this month.

Kaseya said it had received the universal decryption tool from a “trusted third party” and had it validated by an outside firm.

REvil launched an attack on Kaseya on 2 July, exploiting a zero-day vulnerability in the Kaseya VSA remote management application.

It succeeded in encrypting the systems of dozens of managed service providers and an estimated 800 to 1,500 businesses.


Five hundred Swedish Coop supermarkets were forced to close after their cash registers, operated by an affected service provider, stopped functioning, and 11 schools in New Zealand were also involved in the disruption.

The REvil ransomware gang demanded $70 million (£51m) in Bitcoin for a universal decryptor and  smaller amounts for more limited fixes.

But the gang mysteriously disappeared from the internet soon afterward, shutting down its payment infrastructure so that organisations couldn’t buy a fix even if they had wanted to.

Kaseya said it is distributing the decryptor tool to those affected, but said it couldn’t disclose the source.

New Zealand-based computer security firm Emsisoft said it was the company that had validated the tool and is aiding Kaseya in its recovery efforts.

‘New beginning’

Kaseya declined to comment to Bleeping Computer on whether it had paid a ransom for the decryptor.

Diplomatic pressure exerted by the US on Russia, where REvil is believed to be based, may have contributed to REvil’s disappearance and to the decryptor being supplied.

The tool was voluntarily given away by a “trusted partner” of REvil on behalf of the group’s leader, who calls himself “Unknown”, the BBC reported, citing a hacker who claims to belong to REvil’s inner circle.

The hacker said the gesture was part of a “new beginning”.

REvil has previously disappeared and reappeared in other forms, and its recent suspension of activities is unlikely to be permanent.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago