Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Kaseya Obtains REvil Decryptor, Starts Customer Data Recovery Operations (therecord.media) 33

Remote management software vendor Kaseya said this week it had obtained a universal decryptor for the REvil ransomware and is now in the process of helping customers recover their encrypted data following a major ransomware attack that targeted its on-premises VSA servers on July 2 this year. From a report: In a phone call today, a Kaseya spokesperson told The Record it obtained the decrypter from a "trusted third-party," but declined to elaborate further, for the moment. The company said it obtained the decryptor yesterday, verified that the decryption tool worked properly, and has begun shipping it to affected customers earlier today. In an update on July 6, the Kaseya CEO said that around 60 of its direct customers, users of VSA servers, were impacted in the July 2 attack. Hackers used a zero-day to gain access to Kaseya VSA on-premise servers and then pivoted to workstations managed through the VSA software, deploying a version of the REvil ransomware on those systems and encrypting their files.
This discussion has been archived. No new comments can be posted.

Kaseya Obtains REvil Decryptor, Starts Customer Data Recovery Operations

Comments Filter:
  • Wow, that is pretty bad.
  • In other words (Score:4, Insightful)

    by mysidia ( 191772 ) on Friday July 23, 2021 @12:34PM (#61612325)

    it obtained the decrypter from a "trusted third-party," but declined to elaborate further ..

    IOW it sounds like a third party was probably hired to do the dirty work on their behalf - and by dirty work, I mean them doing on the company's behalf what the perpetrators of the ransomware were asking for and getting a decryption tool supplied by the criminals, but oh at great cost.

    Just pray that the "decryption tool they got does not contain more malware or deliberately leave behind a trace from original infections for persistence and future scams.

    • The Decrypter tool was probably tested and reverse compiled to look for that before releasing it to customers. I would also monitor its network usage.
      • by mysidia ( 191772 )

        The Decrypter tool was probably tested and reverse compiled to look for that before releasing it to customers

        Maybe. It's also possible they tried looking at it for malware using antivirus scanners and analysis which might have been limited in extent or skill.

        There are numerous ways latent malware could possibly be concealed, and could potentially evade any naive analysis. It's not clear from the article how simple or complex the decryptor, And if they fully reverse-engineered it and made sure everythi

    • You know it's kind of sad that we have to wonder that. One would think any professional software develop in this situation would have the good sense to really test the shit out of whatever tool they received or at least send it to a company who can. Especially since I have to assume this arrived to them as a binary blob.

      Also surprising is that the decryption tool is universal for anyone affected, I would have though each one would be bespoke for every victim, er, "customer".

      I also wonder if this lowkey wa

    • Either that or some member of the Revil gang was bribed to email them the tool and decryption keys. It's not like gang members are monitored 24/7 by their peers or anything. It's the same reason people who had their car stolen sometimes put up posters promising rewards to any tipsters: so that someone who happened to work at the chopshop that the car ended up in is lured to drop the owner a tip.
      • by PPH ( 736903 )

        From TFA:

        the REvil gang took down all of its server infrastructure and disappeared from forums and the dark web

        It's also possible that Putin, in spite of his denials, has decided that hosting groups like REvil within the Russian Federation is no longer a politically viable move. One or two people willing to step up with the decrypt keys will be allowed to live. Everyone else will disappear (or already have). Nobody will be left to write their memoirs about their hacking spree and Russia will be able to deny everything going into the future.

        • by Luckyo ( 1726890 )

          That would require Putin to have capability to bring down criminal elements in Russian Federation.

          Even a cursory study of criminal structures in Russian Federation tells you that opposite is true.

  • The ransomware bunch were demanding (and quite possibly got) $70 million for their "universal decryptor".

    Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.

    • Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.

      "I keep hearing negative stuff about Bitcoin, I don't understand it but I'll express my opinion anyway!"

      • Absolutely.

        Untold amounts of electricity being wasted. Environmental disruption from otherwise-pointless power generation and manufacture and disposal of custom electronics, creating greenhouse gases and land-based pollution containing everything from inert plastics to acid.

        Ransomware, and the disruption that flows from that, not to mention enriching gangsters and further enabling the outlaw lifestyle (drugs, guns, violence).

        What benefit to society has been created from all of this wastage and mess?

        Ransomw

      • There was a time when nerds (typically of the libertarian or self-righteous variety) thought Bitcoin would give "the people" independence from central banks. It wasn't that long ago.

        Over at ArsTechnica, I once said Bitcoin should not be convertible to currency and I was downvoted by the Ars mob (without them countering any of my points as usual). Article title was "Posing as ransomware, Windows malware just deletes victims’ files". Now the same Ars mob is angry at the fact a fossil-fuel-powered pla
        • (by "funds" I mean hedge funds and the like, basically now that Bitcoin has been embraced by the financial services sector, good luck regulating anything about it)
        • Over at ArsTechnica, I once said Bitcoin should not be convertible to currency and I was downvoted by the Ars mob

          Read that site for the articles, but be aware that the first word of the title refers to the commenters on it.

    • by mysidia ( 191772 )

      Tell me again how bitcoin is such a wonderful thing. That's what makes this kind of crime profitable.

      It is not Bitcoin making this profitable - Bitcoin is just convenient and preferred by the bad guys due to the speed of transacting and likely fewer headaches and precautions they have to take. If you are able to hold enough revenue hostage that you can actually demand $70 Million and people having to pay, then there are plenty of alternative methods that value can be extorted; For example, shipments

      • Where does one liquidate $70 million worth of gold anonymously? That's almost 40,000 troy ounces at current spot.

        • Have you not heard of highgrading. You sell it to your boss who then sells it back to the mining company. Everyone is a winner but the tax payers.
        • by mysidia ( 191772 )

          That's almost 40,000 troy ounces at current spot.

          True.. Gold might not be the most weight-efficient choice; Rhodium would be 4000 oz t. o = $70 Million USD.

          Where does one liquidate $70 million worth of gold anonymously

          I don't under normal circumstances nobody easily liquidates millions worth of any kind of property anonymously - most countries have stringent reporting, But the bad guys find whatever the current holes in the system are - For example, doing business in some 3rd world countries who may have

  • ..these assholes are going to hit the wrong people, and find themselves with their hands zip-tied kneeling over a floor drain.

  • The NDA is to help hide that Kaseya wrote the malware themselves. Makes for more customers when you cause the problems that the customers come to you for... /sarcasm

A good supervisor can step on your toes without messing up your shine.

Working...