Kaseya master key brings hope to the victims
Good news for victims of the latest ransomware attack. A “trustworthy third party” is said to have leaked a master key to the IT service provider Kaseya.
At the beginning of July, an attack on the American IT service provider Kaseya caused one of the largest waves of ransomware in the recent past. Now the victims can breathe a sigh of relief: Kaseya reports that it has a master key to unlock the systems encrypted by the malware.
The attackers used a vulnerability at Kaseya to attack its customers with a program that encrypted data on their hard drives and demanded a ransom in return. One of the consequences of the attack was that numerous branches of the Swedish supermarket chain Coop had to be closed. There were also victims in Germany, as reported by the Federal Office for Information Security (BSI).
The hacker group Revil, which is thought to originate in Russia, is believed to be behind the attacks. Initially, the hackers demanded a ransom totaling 70 million US dollars to unlock the tens of thousands of infected computers. On July 14th, however, all alleged Revil servers and Darknet sites went offline, so the victims could no longer communicate with the attackers. Since then, security experts around the world have been trying to decrypt the affected hard drives.
Key comes from a “trusted third party”
This could go a lot faster with the master key. As Kaseya wrote on its website on Thursday, the company succeeded in obtaining a “decryptor for victims of the Revil ransomware attack”. The company is working on making it available to all customers.
It is not known where Kaseya got the key from. The company simply says it comes from a “trusted third party.” A spokesman told the magazine Bleeping Computer that a ransom payment could be neither confirmed nor denied. Accordingly, three scenarios are conceivable: The company could actually have paid a ransom to the attackers. Or an external security company succeeded in cracking the encryption. Or the universal key was leaked to the company by a government agency, be it of the USA or Russia.
US President Joe Biden personally ordered an investigation into the attack by the intelligence services, and it is conceivable that American cryptography experts came across the master key. Ultimately, it shouldn’t matter to the victims; they should be happy to finally be able to access their systems and possibly valuable data again after more than three weeks.