Kaseya obtains key to decrypt systems weeks after ransomware attack

Software company Kaseya on Thursday obtained a key to decrypt its systems and that of customers, which were locked down by a ransomware attack earlier this month.

A spokesperson for the company told The Hill in an emailed statement that Kaseya had been given an “effective decryptor and we are actively using it to help our customers.”

“We obtained the tool from a trusted third party and for confidentiality reasons I can’t say more than that,” the spokesperson said.

The key will likely be used to assist the up to 1,500 companies impacted by the ransomware attack on Kaseya. Cybersecurity experts have linked to Russian-based cyber criminal group REvil, though the federal government has not yet formally assessed who is behind the attack. 

Kaseya noted at the time of the attack that many of its customers were “managed service providers, using Kaseya’s technology to manage IT infrastructure for local and small businesses with less than 30 employees, such as dentists’ offices, small accounting offices and local restaurants.”

The hackers behind the attack initially demanded $70 million to decrypt the system, later lowering their demand to $50 million. The spokesperson for Kaseya did not comment on whether the company had paid the ransom to obtain the key.

Websites used by REvil on the dark web went offline last week, though it remains unclear who or what was behind the takedown. 

The ransomware attack, which experts have assessed to be one of the largest ransomware incidents in history, came on the heels of a string of attacks on other critical organizations worldwide.

Hospitals, schools, and government agencies have been targeted throughout the COVID-19 pandemic, while ransomware attacks on Colonial Pipeline and meat producer JBS USA in May temporarily disrupted critical supply chains. Both Colonial and JBS chose to pay the ransoms in order to get their systems back up and running quickly.

The Biden administration has stepped up its efforts to combat ransomware attacks and other cyber threats, including President Biden signing an executive order to strengthen federal cybersecurity in May, and through assembling an interagency federal task force to coordinate actions related to ransomware.

Biden also discussed his concerns around Russian-linked ransomware attacks with Russian President Vladimir Putin during their summit in Geneva last month, and Biden called Putin to discuss cybersecurity concerns again earlier this month. 

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden told reporters when asked about the phone call earlier this month.