Decryptor for ransomware at Kaseya customers appears on the Internet
The decryptor for the Kaseya ransomware has been leaked on a hacking forum. The key does not work for all REvil victims, but it is a general decryptor for the victims of the attack on Kaseya.
The key was first discovered by a security researcher who posted a screenshot of a hacking forum. In it, a new user claims to have a key for the REvil ransomware. BleepingComputer has since tested the key against samples of the REvil ransomware distributed via Kaseya last month. The site confirms that the key works for those samples. In July, managed service provider Kaseya was attacked by a ransomware gang. The attackers misused the software to send ransomware to the company’s customers.
The discovered key only works for victims of that particular attack, not all REvil victims. REvil is one of the most notorious ransomware gangs and has victimized thousands of others besides Kaseya. REvil disappeared last month after the gang’s websites went offline. It is not known what happened to the criminals.
Nor is it known how the REvil key appeared on the Internet. A decryptor was available, which Kaseya had obtained from ‘an unknown party’. Kaseya teamed up with security company Emsisoft to help the ransomware victims for free. Those victims had to sign a non-disclosure agreement for this.