iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
The software has obtained a decryptor for victims of a REvil ransomware attack.
Earlier this month, malicious cyber actor REvil demanded a record US$70 million ($95.2 million) to free over 1,000 Kaseya customers, including five Australian firms, from a ransomware attack.
REvil attacked Kaseya’s Virtual System/Server Administrator software, used to monitor and manage infrastructure either by a hosted cloud service or on-premises VSA servers.
However, after seeking advice from external agencies, Kaseya revealed it has now obtained a decryptor for victims of the REvil ransomware attack, and is now working to remediate customers impacted by the incident.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” the firm stated.
“Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.”
Kaseya representatives will contact affected customers to assist them with the decryption.
The receipt of the decryptor follows the release of a fake Kaseya patch discovered by Infoblox.
The patch was designed to trick affected users into downloading the malware under the guise of addressing loopholes.
The malware contained within the fake patch included Cobalt Strike, which is often abused by malicious actors.
Be the first to hear the latest developments in the cyber industry.
