Kaseya claims not to have paid for ransomware decryptor
Kaseya did not pay for the decryptor for the REvil ransomware distributed through the company. The company is still not saying how it got the decryptor, but denies paying for it.
That registers the company an update on the recent ransomware attack. Hundreds of companies worldwide were affected by the REvil ransomware, which was distributed through the msp software Kaseya offered. Earlier this month, Kaseya obtained a decryptor from an unknown party that allowed customers to decrypt their systems affected by the ransomware. At the time, the company did not say how it obtained the tool.
Kaseya’s silence on the subject led many people to believe that the company paid for the decryptor. “We have learned that our silence around paying the ransom could potentially trigger new ransomware attacks,” said Kaseya. “That’s not our goal.” The company says it talked to experts about paying the ransom, but after those conversations it decided not to negotiate with the hackers. “Therefore, we say in no uncertain terms that Kaseya did not pay the ransom,” the company says. It adds that this has not happened either directly or indirectly via, for example, a third party.
It remains unclear how Kaseya got the decryptor. The attack was unique in that the criminals behind REvil did not demand a separate ransom from each company, but asked one price for a general decryptor. The decryptor Kaseya now has is “100 percent effective,” according to the company. Kaseya provides the decryptor to customers, but does not make it publicly available.