Supermarket in Sweden closed after ransomware attack
Photo: JONAS EKSTROMER / AFP
There is new hope for Kaseya customers who still do not have full access to their data and systems after the ransomware attack on the IT service provider in early July.
Kaseya announced on Friday night that the company had received a master key for the affected computers.
The hacker group REvil had hacked Kaseya and manipulated an update of the provider's remote maintenance software. About 60 customers received this update and with it the blackmail trojan from REvil. Because most of them are IT service providers themselves, their customers also became victims of REvil, ultimately affecting up to 1,500 companies around the world. In Germany alone, at least three service providers and subsequently hundreds of companies were caught. Those of them who have not been able to restore their files and systems from backup copies or in any other way can now hope for the universal key, which, according to the IT security company Emsisoft, works "reliably".
The perpetrators had initially demanded 70 million dollars in digital currencies for the master key. They later signaled that they would be satisfied with 50 million as well. Last week, however, REvil's online presence suddenly disappeared from the network. Who or what was behind it remained unclear. The US government announced this week that it did not know what happened to REvil itself.
Kaseya did not provide any information about who gave the company the master key.
It is conceivable that she was able to use an unknown channel to REvil to pay the ransom, or that the group handed out the master key for no consideration, or that an IT security company or government agency obtained the master key.
Kaseya only announced that it was "obtained from trustworthy third parties and successfully used with affected customers."
pbe / dpa