Kaseya Obtains REvil Decryptor, Starts Customer Data Recovery Operations (therecord.media)
Remote management software vendor Kaseya said this week it had obtained a universal decryptor for the REvil ransomware and is now in the process of helping customers recover their encrypted data following a major ransomware attack that targeted its on-premises VSA servers on July 2 this year. From a report: In a phone call today, a Kaseya spokesperson told The Record it obtained the decrypter from a "trusted third-party," but declined to elaborate further for the moment. The company said it obtained the decryptor yesterday, verified that the decryption tool worked properly, and began shipping it to affected customers earlier today. In an update on July 6, the Kaseya CEO said that around 60 of its direct customers, users of VSA servers, were impacted in the July 2 attack. Hackers used a zero-day to gain access to Kaseya VSA on-premises servers and then pivoted to workstations managed through the VSA software, deploying a version of the REvil ransomware on those systems and encrypting their files.
20 days later (Score:2)
In other words (Score:4, Insightful)
it obtained the decrypter from a "trusted third-party," but declined to elaborate further ...
IOW it sounds like a third party was probably hired to do the dirty work on their behalf - and by dirty work, I mean doing on the company's behalf what the perpetrators of the ransomware were asking for and getting a decryption tool supplied by the criminals, but oh, at great cost.
Just pray that the decryption tool they got does not contain more malware or deliberately leave behind a trace from the original infections for persistence and future scams.
Re: (Score:3)
Re: (Score:2)
The Decrypter tool was probably tested and reverse compiled to look for that before releasing it to customers
Maybe. It's also possible they tried looking at it for malware using antivirus scanners and analysis which might have been limited in extent or skill.
There are numerous ways latent malware could possibly be concealed, and could potentially evade any naive analysis. It's not clear from the article how simple or complex the decryptor is, and if they fully reverse-engineered it and made sure everythi
Re: (Score:2)
You know it's kind of sad that we have to wonder that. One would think any professional software developer in this situation would have the good sense to really test the shit out of whatever tool they received, or at least send it to a company who can. Especially since I have to assume this came to them as a binary blob.
Also surprising is that the decryption tool is universal for anyone affected; I would have thought each one would be bespoke for every victim, er, "customer".
I also wonder if this lowkey wa
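Why a single "universal" decryptor can exist at all, as an added illustration that is not from the article or the thread and is not REvil's own code: the payload carries only the operator's master public key, each victim gets a fresh ephemeral key pair, and whoever holds the master private key can recompute every victim's content key, while a per-victim ("bespoke") key unlocks exactly one victim. The toy Diffie-Hellman group and the hash-based stream cipher are stand-ins for the real curve and AES; every name and value below is constructed for the example.

```python
from __future__ import annotations
import hashlib
import secrets

# Toy group: p = 2**127 - 1 (a Mersenne prime) with generator 3. Real schemes use
# Curve25519 or similar; these small parameters are for illustration only.
P = 2**127 - 1
G = 3


def _file_key(shared: int) -> bytes:
    # Derive a 256-bit content key from the Diffie-Hellman shared value.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream (stand-in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def make_master_keypair() -> tuple[int, int]:
    """Operator's long-term key: only the public half is shipped in the payload."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def encrypt_for_victim(master_pub: int, plaintext: bytes) -> tuple[int, bytes]:
    """Per-victim encapsulation: ephemeral v, shared = master_pub**v.
    Only g**v is stored beside the ciphertext; v itself is discarded."""
    v = secrets.randbelow(P - 2) + 2
    victim_pub = pow(G, v, P)
    return victim_pub, keystream_xor(_file_key(pow(master_pub, v, P)), plaintext)


def bespoke_key(master_priv: int, victim_pub: int) -> bytes:
    """What a per-victim decryptor would carry: one derived content key."""
    return _file_key(pow(victim_pub, master_priv, P))


def universal_decrypt(master_priv: int, victim_pub: int, ciphertext: bytes) -> bytes:
    """Holder of the master private key recovers any victim: (g**v)**m == (g**m)**v."""
    return keystream_xor(bespoke_key(master_priv, victim_pub), ciphertext)


def demo() -> bool:
    """Two constructed victims: the master key opens both; victim A's key opens only A."""
    m, master_pub = make_master_keypair()
    pub_a, ct_a = encrypt_for_victim(master_pub, b"victim A: payroll.xlsx")
    pub_b, ct_b = encrypt_for_victim(master_pub, b"victim B: invoices.db")
    both_recovered = (universal_decrypt(m, pub_a, ct_a) == b"victim A: payroll.xlsx"
                      and universal_decrypt(m, pub_b, ct_b) == b"victim B: invoices.db")
    cross_use_fails = keystream_xor(bespoke_key(m, pub_a), ct_b) != b"victim B: invoices.db"
    return both_recovered and cross_use_fails
```

The defender-side point is the same in either direction: without the master private key, nothing recovered from one victim's machine helps any other victim, which is why the only escrow worth negotiating for is the master key itself.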
Re: (Score:2)
Re: (Score:2)
From TFA:
the REvil gang took down all of its server infrastructure and disappeared from forums and the dark web
It's also possible that Putin, in spite of his denials, has decided that hosting groups like REvil within the Russian Federation is no longer a politically viable move. One or two people willing to step up with the decrypt keys will be allowed to live. Everyone else will disappear (or already have). Nobody will be left to write their memoirs about their hacking spree and Russia will be able to deny everything going into the future.
Re: (Score:2)
That would require Putin to have the capability to bring down criminal elements in the Russian Federation.
Even a cursory study of criminal structures in the Russian Federation tells you that the opposite is true.
$70 million dollar ransom (Score:1)
The ransomware bunch were demanding (and quite possibly got) $70 million for their "universal decryptor".
Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.
Re: (Score:2)
Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.
"I keep hearing negative stuff about Bitcoin, I don't understand it but I'll express my opinion anyway!"
Re: (Score:2)
Absolutely.
Untold amounts of electricity being wasted. Environmental disruption from otherwise-pointless power generation and manufacture and disposal of custom electronics, creating greenhouse gases and land-based pollution containing everything from inert plastics to acid.
Ransomware, and the disruption that flows from that, not to mention enriching gangsters and further enabling the outlaw lifestyle (drugs, guns, violence).
What benefit to society has been created from all of this wastage and mess?
Ransomw
Re: (Score:2)
Counting negatives is easy, you could just as easily blame the internet.
What benefit to society has been created from all of this wastage and mess?
There's a question that should have gone before the assertion.
Re: (Score:2)
Which I can't help noticing you didn't answer.
Re: (Score:2)
mm hmm. You're correct, I did not do your homework for you.
Re: (Score:2)
So his homework is to make your point for you?
Re: (Score:2)
Nah but he did anyway. I made the point that he was jumping to conclusions and look where we still are. ;)
(past: my point was made, his wasn't.) (Score:2)
Okie, now read the original post. ;)
Re: $70 million dollar ransom (Score:2)
Re: (Score:2)
Over at ArsTechnica, I once said Bitcoin should not be convertible to currency and I was downvoted by the Ars mob (without them countering any of my points as usual). Article title was "Posing as ransomware, Windows malware just deletes victims’ files". Now the same Ars mob is angry at the fact a fossil-fuel-powered pla
Re: (Score:2)
Re: (Score:2)
Over at ArsTechnica, I once said Bitcoin should not be convertible to currency and I was downvoted by the Ars mob
Read that site for the articles, but be aware that the first word of the title refers to the commenters on it.
Re: (Score:3)
Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.
It is not Bitcoin making this profitable - Bitcoin is just convenient and preferred by the bad guys due to the speed of transacting and likely fewer headaches and precautions they have to take. If you are able to hold enough revenue hostage that you can actually demand $70 million and people have to pay, then there are plenty of alternative methods by which that value can be extorted; for example, shipments
Re: (Score:1)
Where does one liquidate $70 million worth of gold anonymously? That's almost 40,000 troy ounces at current spot.
Re: $70 million dollar ransom (Score:2)
Re: (Score:2)
That's almost 40,000 troy ounces at current spot.
True. Gold might not be the most weight-efficient choice; Rhodium would be 4000 oz t = $70 million USD.
Where does one liquidate $70 million worth of gold anonymously
I don't; under normal circumstances nobody easily liquidates millions worth of any kind of property anonymously - most countries have stringent reporting, but the bad guys find whatever the current holes in the system are - for example, doing business in some 3rd world countries who may have
At some point... (Score:1)
...these assholes are going to hit the wrong people, and find themselves with their hands zip-tied kneeling over a floor drain.
Re: At some point... (Score:2)
Re: (Score:2)
Comment (Score:2)