Notice slip at a Coop supermarket: Closed due to a hacker attack
Photo: Jonas Ekstromer / AP
The IT service provider Kaseya, recently hit by a hacker attack, has denied speculation that it paid a ransom for the master key to unlock computers encrypted by ransomware.
Kaseya emphasized in a statement published on Tuesday night that no money had gone to the attackers, either directly or through others.
The hacker group REvil had hacked Kaseya and manipulated an update of the provider's remote maintenance software. Around 60 corporate customers had installed this update and, with it, the REvil ransomware trojan. Because most of them are IT service providers themselves, their customers also fell victim to REvil. The effects of the attack reached as far as Sweden, where the supermarket chain Coop was unable to open hundreds of stores due to malfunctioning checkout systems.
Ultimately, up to 1,500 companies around the world were affected.
In Germany alone, at least three service providers and subsequently hundreds of companies were hit.
Those who have not yet been able to restore their files and systems from backup copies or in any other way can use the universal key provided by Kaseya to get their systems up and running again or to unlock data that is still encrypted.
According to the IT security company Emsisoft, this method works "reliably".
The attackers had asked for $70 million
The perpetrators had initially demanded 70 million dollars in digital currencies for the master key. They later signaled that they would be satisfied with 50 million as well. Last week, however, REvil's online presence suddenly disappeared from the internet. Who or what was behind it remained unclear. The US government announced this week that it did not itself know what had happened to REvil.
Since Kaseya did not provide any information about the origin of the master key, it was speculated that the company ultimately gave in to the hackers' demands and paid a certain amount for the unlock code.
However, the US company has now emphasized that, after consulting with experts, it had decided not to negotiate with the attackers.
The company still does not want to reveal where the decryption program comes from.
That is why there is now speculation about the participation of US government agencies.
mak / dpa