Kaseya receives decryption key for massive ransomware breach
Middleware provider Kaseya said Thursday it received a key to unlock the encrypted computers of more than 1,000 companies after a Russia-based hacking group locked the systems as part of a massive ransomware campaign earlier this month, according to AP.
Why it matters: The company would not disclose how it obtained the key or if it paid a ransom to REvil, the group behind the breach, but it said the key was working and its customers around the world were regaining access to their systems.
- REvil conducted the campaign by exploiting a flaw in software that Kaseya supplied to its customers, who are themselves managed service providers that provide IT management and other core network functions for businesses.
The big picture: Kaseya's announcement comes a bit over a week after dark web sites that REvil used to facilitate its ransom negotiations mysteriously went offline.
- It's still unknown whether the sites went down because of a technical problem, a law enforcement operation, or some other explanation.
- REvil at one point demanded $70 million to restore the data it held for ransom through the July 4 weekend operation that targeted Kaseya.