Jul 22, 2021 - Technology

Kaseya receives decryption key for massive ransomware breach

Photo of Kaseya logo.
Photo: Rafael Henrique/SOPA Images/LightRocket via Getty Images

Middleware provider Kaseya said Thursday it received a key to unlock the encrypted computers of more than 1,000 companies after a Russian-based hacking group locked the systems as part of a massive ransomware campaign earlier this month, according to AP.

Why it matters: The company would not disclose how it obtained the key or if it paid a ransom to REvil, the group behind the breach, but it said the key was working and its customers around the world were regaining access to their systems.

  • REvil conducted the campaign by exploiting a flaw in software that Kaseya supplied to its customers, who are themselves managed service providers that provide IT management and other core network functions for businesses.

The big picture: Kaseya's announcement comes a bit over a week after dark web sites that REvil used to facilitate its ransom negotiations mysteriously went offline.

  • It's still unknown whether the sites went down because of a technical problem, a law enforcement operation, or some other explanation.
  • REvil at one point demanded $70 million to restore data they claimed for ransom through the July 4 weekend operation that targeted Kaseya.

Go deeper: State Department offers $10 million in rewards for cyber crime information

Go deeper