Kaseya is apparently on the verge of getting unstuck from the muddy situation it entered at the start of the month, after a REvil attack on its systems resulted in the compromise of 1,500 businesses and organizations using its VSA product. According to the most recent reports, Kaseya has somehow received a universal master key to unlock the encrypted filesystems, so the restoration process is already underway. By now, though, many of the victims have already restored from backups or rebuilt their networks from scratch.
The software firm hasn’t given an official explanation of how exactly it obtained the key, but the possible scenarios are very specific. The actors may have decided to hand it over due to failed negotiations, the company may have paid a ransom, a respectable number of clients may have paid a ransom, or the law enforcement authorities in Russia may have worked underground to press REvil to end this operation. This ransomware group went offline inexplicably 10 days ago, so something significant has happened to the RaaS, but this is still a topic of speculation.
Tim Wade, Technical Director at Vectra, tells us:
More time will be needed to evaluate this case and appreciate the possibility of a fundamental shift in the ransomware space. At the moment, it appears that even if several larger groups have gone offline, the ransomware threat is never really mitigated as others jump in to fill in the gap. Potentially, those “others” are just re-spins and re-brandings of the same crooks.
For Kaseya, this incident was a highly damaging one, pulling the rug out from under entities that trusted the firm and thought that relying on a managed service provider would be a good idea, even from a security perspective. REvil asked the firm to pay $70 million in ransom for a universal decrypter, as the group couldn’t possibly handle negotiations with thousands of companies. Even if Kaseya paid that amount, and no matter what level of support it provides to clients in restoring their files, restoring their trust will be a lot more challenging.