Kaseya at the center of a huge ransomware attack this month has obtained a universal key to unlock files of the hundreds of businesses and public organizations crippled by the hack nineteen days after the initial attack affecting nearly 2000 customers and business organisation.
The so-called supply-chain attack on Kaseya is being labeled the worst ransomware attack to date because it spread through software that companies, known as managed service providers, use to administer multiple customer networks, delivering software updates and security patches.
The group had asked for $50m to $70m for a master key that would unlock all infections. It is not clear how many victims may have paid ransoms before REvil went dark.
Hackers might also have handed over the decryptor for the Kaseya attack without payment – a move that would not be unprecedented for ransomware criminals. By now, many victims will have rebuilt their networks or restored them from backups.
Obtaining the key was a major step toward recovery from the hack, but Kaseya would probably be cleaning up the damage for some time. The value of accelerating the restoration of data and services shouldn’t be trivialized, but it won’t exactly erase the already extensive cost of these attacks.