News

Kaseya Unlocking REvil-Encrypted Data Using Universal Key

IT solutions firm Kaseya is now using a "universal decryptor key" for customers affected by a REvil ransomware attack, according to an announcement this week.

As reported by Kaseya on July 2, a REvil ransomware-as-a-service group had encrypted Kaseya's customers' data, promising to unlock it for a price. The group had carried out the attacks by leveraging a zero-day vulnerability in Kaseya's VSA management solution. The attacks were described as potentially affecting about 60 of Kaseya's managed service provider (MSP) customers plus almost 1,500 of their business customers.

In a July 22 notice, Kaseya indicated that it had obtained a universal decryptor key from "a third party," which wasn't named. Kaseya's announcement left it unclear whether the third party might be the REvil gang that had launched the ransomware or some more helpful entity.

The note added that there have been "no reports of any problem or issues associated with the decryptor." Kaseya is currently contacting customers affected by the ransomware.

Customers that had used Kaseya's premises-installed VSA management solution were the ones affected by the REvil ransomware. Kaseya also offers VSA as a hosted service, but it apparently wasn't affected. The company, which provides IT management solutions to MSPs and organizations, has since patched both VSA product implementations.

Kaseya is working with New Zealand-based Emsisoft to support affected customers. "Emsisoft has confirmed the key is effective at unlocking victims," Kaseya's announcement indicated.

The attack reportedly affected 800 of Sweden's Coop grocery stores, which had be closed, according to Reuters. The ransomware had infiltrated Coop's IT service provider, which used Kaseya's product.

The REvil attackers had at one point demanded $70 million to restore all of the encrypted data.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.