A source referred to only as a trusted third party recently turned over a universal key to Kaseya. This was to aid in the decryption of over a thousand websites that were compromised during a widespread ransomware attack during the Fourth of July holiday.
Florida-based software company Kaseya confirmed that they received the key and will be distributing it to all affected businesses and organizations.
Cybercrime syndicate REvil exploited the company’s software to deploy the Independence Day attack, which crippled businesses across the globe. The ransomware was inadvertently deployed by Kaseya’s software into managed service providers used by companies to deliver software updates to wide-scale customer networks.
According to Dana Liedholm, Kaseya’s spokesperson, the company asked Emsisoft, a third-party cybersecurity firm, to confirm that the key worked. Emsisoft is currently assisting with the deployment and is providing technical support for the endeavor.
This master key is a counter-program that can decrypt any site data scrambled by the attack and, more or less, restore affected sites to their last iteration.
How Did They Get the Key – and Why Did They Get it Now?
Analysts have offered several reasons why this key has surfaced at this point:
- Either Kaseya or a government agency paid the ransom that REvil demanded;
- Victimized companies pooled their resources to pay the ransom;
- Given that REvil is said to have links to Russian criminal elements, the Kremlin stepped in to intervene and handed the key via intermediaries; and
- It is possible that the hacker responsible for deploying the ransomware did not get paid by REvil and chose to give the decryptor to get back at them.
Regardless of the reason, authorities have noted that online activity involving REvil has been at a standstill. They also believe that the organization itself appears to have disappeared from the internet as of July 13th.
Cybersecurity experts think that REvil was most likely overwhelmed by the number of ransom negotiations it found itself in and decided just to demand payment for a master key to unlock all infected sites. Analysts speculate that the said ransom would have been in the figure of between $50 million and $70 million.
To date, however, no one has a clear idea as to the total cost of damage caused by the July 4 cyberattack. Liedholm has refused to comment as to whether anyone filed a lawsuit against Kaseya, but the attack is now considered one of the worst ransomware incidents in history given the massive scope of its deployment.
Authorities could not provide a cost estimate of the damage of the Russia-linked hacker group. They have also declined to confirm or deny whether lawsuits are being prepared against Kaseya.
Meanwhile, the US is not flinching as it vowed to double down on REvil’s crimes as a national security threat. The attack became a talking point between President Joe Biden and Vladimir Putin. After the attacks, Biden called his Russian counterpart and pressed him to cease giving safe haven for such cybercriminals, even threatening US action if Russia fails to do so.