The attack started through a security hole in Kaseya. (Photo: T. Schneider / Shutterstock)
At the beginning of July, an attack on the American IT service provider Kaseya caused one of the largest waves of ransomware in the recent past. Now the victims can breathe a sigh of relief: As Kaseya reports, they have a master key to unlock the systems encrypted by the malware.
The attackers used a vulnerability at Kaseya to attack its customers with a program that encrypted data on their hard drives and demanded a ransom in return. One of the consequences of the attack was that numerous branches of the Swedish supermarket chain Coop had to be closed. In Germany, too, there were those affected, as the Federal Office for Information Security (BSI) reported.
The hacking group Revil is said to be behind the attacks whose origin is believed to be in Russia. Initially, the hackers had demanded a ransom of a total of 70 million US dollars in order to unblock the tens of thousands of infected computers. On July 14th, however, all the alleged Revil servers and Darknet sites went offline, so that the victims could no longer communicate with the attackers. Since then, security experts around the world have been trying to decrypt the affected hard drives.
Key comes from a “trustworthy third party”
This could be a lot faster with the master key. As Kaseya wrote on its website on Thursday, the company succeeded in obtaining a “decryptor for victims of the Revil ransomware attack”. We are working on providing these to all customers.
It is not known where Kaseya got the key from. The company simply says it comes from a “trusted third party.” A spokesman told Bleeping Computer magazine , that no ransom payment can be confirmed or denied. Accordingly, three scenarios are conceivable: The company could actually have paid a ransom to the attacker. Or an external security company succeeded in cracking the encryption. Or the universal key was leaked to the company by a government agency, be it the USA or Russia.
US President Joe Biden personally had one Investigation of the attack was ordered by the secret services and it is conceivable that the American cryptography experts ultimately came across the master key. Ultimately, it shouldn’t matter to the victims; you should be happy to finally be able to access your systems and possibly valuable data again after more than three weeks.
