REvil ransomware has overrun 1,500 networks so far, but the master key is now available.
Kaseya, the remote management software vendor at the center of a ransomware operation that has affected up to 1,500 downstream networks, said it has obtained a decryptor that should decrypt the data encrypted in the attack.
Up to 1,500 companies have been infected in one of the worst ransomware attacks to date. Affiliates of REvil, one of the Internet's most dangerous ransomware groups, exploited a zero-day vulnerability in the VSA product from Miami, Florida-based Kaseya. The vulnerability, which was patched by Kaseya a few days ago, allowed the ransomware operators to breach the networks of around 60 clients. From there, the extortionists infected as many as 1,500 networks that relied on those 60 clients for services.
Finally, a universal decryptor
"We've done it," wrote Dana Liedholm, the company's senior vice president of marketing, in a message. "Thursday morning we are providing technical support for the use of the decoder. We are a team in touch with our customers and do not have further details at the moment."
"We are working with Kaseya to support customer efforts," Brett Kahlo, Emsisoft security analyst, said in a private message. "We have confirmed that the key unlocks the victims and we will continue to support Kaseya and its clients."
REvil asked for $70 million for a universal decryptor that could recover all data for the organizations affected in this mass attack. Liedholm declined to say whether Kaseya had paid for the decryption tool. Kaseya has since patched the zero-day used in the attack.
This means that, at present, it is not publicly known whether Kaseya paid the ransom or received the decryptor free of charge from either REvil or law enforcement. In the days following the attack, REvil's dark web site, along with other infrastructure the group used for tech support and payment processing, suddenly went offline for no apparent reason. Victims and researchers feared that the data would be locked forever, as the only people able to decrypt it were gone.
Where did it come from?
REvil is one of several ransomware groups believed to operate out of Russia or another Eastern European country that was formerly part of the Soviet Union. The group's disappearance came days after President Joe Biden warned his Russian counterpart, Vladimir Putin, that the United States could take unilateral action against Russia if it did not contain the ransomware activity. Observers have since speculated that either Putin pressured the group to go silent or that the group, with all the attention it drew from the attack, decided to do so on its own.
Some of the companies affected by the attack include Swedish grocery chain COOP, Virginia Tech, Maryland, New Zealand schools and international textile company Miroglio Group. REvil is also behind the devastating attack on JBS, the world's largest meat producer. That breach caused JBS to temporarily close some factories.