See it and Sell it First at ASI Show Orlando – January 4-6, 2025.   Register Now.

Decryption Key Obtained in Massive Cyberattack

The assault, launched by a criminal gang of hackers, affected more than 1,000 businesses and public organizations.

The more than 1,000 businesses and public organizations whose computers systems were crippled in a devastating cyberattack are receiving a decryption key that will allow them to get their networks operational again, reports indicate.

Digital criminals believed to be from REvil, a ransomware gang reportedly based in Russia/Eastern Europe, launched the attack on Kaseya, a Miami-headquartered IT management software firm that specializes in cybersecurity.

Hacked

The attack, which began Friday, July 2, directly impacted about 50 of Kaseya’s customers. However, many more companies and other entities were affected because Kaseya’s clients provide information technology services to those businesses. “The attack locked up computers at schools in New Zealand and locked up cash registers at Coop, a Swedish grocery store chain that was forced to shut some outlets,” The Wall Street Journal reported.

As of Thursday, July 22, Kaseya was reporting that it had received a decryption key that will knock out the malware that was affecting computers at organizations around the world, including the U.S.

Kaseya wouldn’t say if it paid the estimated $50 million to $70 million ransom the hackers were asking for in order to hand over the key, nor would the Florida firm reveal how it obtained the key, noting only it was gotten through a “third party.”

In a statement, Kaseya said it had “teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.”

Ransomware analysts speculated that Kaseya may have obtained the key by any number of means, from having paid the ransom itself or a government having paid the ransom on the company’s behalf, CNBC reported. It’s also possible that victims combined funds to pay the hefty extortion, or even that the Russian government seized the key from the hackers and gave it to intermediaries that ultimately supplied it to Kaseya.

In a twist, REvil vanished from the internet on July 13. “That likely deprived whoever carried out the attack of income because such affiliates split ransoms with the syndicates that lease them the ransomware,” CNBC reported.

According to reports, some of the companies/organizations affected by the attack may have already rebuilt or restored their networks. Others, according to Kaseya, remained in what a spokesperson said was “complete lockdown” weeks after the attack.

“We remain committed to ensuring the highest levels of safety for our customers and will continue to update here as more details become available,” Kaseya said in a statement.

The Kaseya attack is yet another indicator that cyber assaults are rising in both frequency and severity. Promotional products firms must take such threats seriously or risk the potential devastation of their businesses, as ASI has reported here.