News

Kaseya Unlocking REvil-Encrypted Data Using Universal Key

IT solutions firm Kaseya is now using a "universal decryptor key" for customers affected by a REvil ransomware attack, according to an announcement this week.

As reported by Kaseya on July 2, a REvil ransomware-as-a-service group had encrypted Kaseya's customers' data, promising to unlock it for a price. The group had carried out the attacks by leveraging a zero-day vulnerability in Kaseya's VSA management solution. The attacks were described as potentially affecting about 60 of Kaseya's managed service provider (MSP) customers plus almost 1,500 of their business customers.

In a July 22 notice, Kaseya indicated that it had obtained a universal decryptor key from "a third party," which wasn't named. Kaseya's announcement left it unclear whether the third party might be the REvil gang that had launched the ransomware or some more helpful entity.

The note added that there have been "no reports of any problem or issues associated with the decryptor." Kaseya is currently contacting customers affected by the ransomware.

Customers that had used Kaseya's premises-installed VSA management solution were the ones affected by the REvil ransomware. Kaseya also offers VSA as a hosted service, but it apparently wasn't affected. The company, which provides IT management solutions to MSPs and organizations, has since patched both VSA product implementations.

Kaseya is working with New Zealand-based Emsisoft to support affected customers. "Emsisoft has confirmed the key is effective at unlocking victims," Kaseya's announcement indicated.

The attack reportedly affected 800 of Sweden's Coop grocery stores, which had be closed, according to Reuters. The ransomware had infiltrated Coop's IT service provider, which used Kaseya's product.

The REvil attackers had at one point demanded $70 million to restore all of the encrypted data.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.