Company receives a key against malware

Kaseya, the Florida company whose software was exploited in the July 4 ransomware attack, has received a global key that will decrypt the data of more than 1,000 affected companies and public organizations.

Kaseya spokeswoman Dana Liedholm on Thursday did not say how the key was obtained or if any ransom was paid. She only commented that it came from a “trusted third party” and that it was being distributed to all victims.

Cybersecurity firm Emsisoft confirmed that the key was working and that it was providing assistance.

Ransomware analysts have offered several possible explanations for why the master key, which can unlock the encrypted data of all victims of the attack, has now appeared.

Among them: that Kaseya or a government paid a sum, that many victims pooled money, that the Kremlin obtained the key from the criminals and delivered it through intermediaries, or perhaps that the main protagonist of the attack did not receive payment from the group whose ransomware was used.

REvil, the Russia-linked criminal group that provided the malware, disappeared from the Internet on July 13. This will likely deprive those who carried out the attack of revenue, as these partners share the revenue with the groups that rent the ransomware to them.

In the Kaseya attack, the group is believed to have been overwhelmed by more ransom negotiations than it could handle, and decided to demand between $50 million and $70 million for a master key that would unlock all infections.

By now, many victims will have either rebuilt their networks or restored them from backups.


There’s a little bit of everything, Liedholm said, because some “were in total lockdown.” She did not have an estimate of the cost of the damages and did not comment on whether lawsuits had been filed against Kaseya.

It is currently unclear how many victims could have paid a ransom before REvil disappeared.

The so-called supply-chain attack on Kaseya was the worst ransomware incident to date, as it spread through software that companies known as managed service providers use to manage multiple clients’ networks and to deliver software updates and security patches.

