Kaseya is working with security firm Emsisoft on the rollout, which ‘confirmed the key is effective at unlocking victims,’ according to Kaseya.<\/b>
\n(Illustration: leremy\/Getty Images) IT management solutions provider Kaseya said today that it obtained a universal decryptor key for those customers hit by REvil ransomware earlier this month. \u00ab\u00a0We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,\u00a0\u00bb Kaseya said in a statement. Kaseya is working with security firm Emsisoft on the rollout, which \u00ab\u00a0confirmed the key is effective at unlocking victims,\u00a0\u00bb according to Kaseya. The attack hit Kaseya earlier this month and spread through its VSA remote monitoring software, ensnaring more than 200 companies in the process. Hackers reportedly demanded $70 million in Bitcoin in exchange for a key that could decrypt the locked files. President Joe Biden has ordered US intelligence agencies to investigate, though it has not placed blame on any one actor. \u00ab\u00a0The initial thinking was it was not the Russian government, but we\u2019re not sure yet,\u00a0\u00bb Biden said earlier this month. On July 9, Biden held a call with Russian President Vladimir Putin, during which he \u00ab\u00a0underscored the need for Russia to take action to disrupt ransomware groups operating in Russia and emphasized that he is committed to continued engagement on the broader threat posed by ransomware,\u00a0\u00bb the White House said. \u00ab\u00a0President Biden reiterated that the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.\u00a0\u00bb That same day, Biden also said it would make sense for the US to attack servers used for ransomware attacks. The White House has not confirmed any such action; \u00ab\u00a0that\u2019s obviously not something that we would speak to publicly, in terms of any specific actions the President has or hasn\u2019t ordered,\u00a0\u00bb a senior administration official said. REvil went dark several days later, but we don’t know if it unplugged itself or fell prey to a cyberattack of its own. But it left a number of Kaseya victims in a lurch, according to reports. The demise of REvil is one reason security experts agree that it’s never a good idea to pay ransomware hackers. There’s no guarantee they’ll release your files, or if they even have the capability to do so. In the end, they just want the money.<\/p>\n