Kaseya obtained ransomware decryptor from 'trusted third party'
BREAKING -- Kaseya has obtained the decryption key for the massive ransomware attack it suffered earlier this month, but the company won't say how other than that it came from a "trusted third party."
The IT management software vendor disclosed a supply-chain attack on July 2 that compromised approximately 60 of its managed service provider (MSP) customers and up to 1,500 MSP clients. Ransomware gang REvil had exploited zero-day vulnerabilities in Kaseya's endpoint management and network monitoring product VSA, and used said exploits to send malicious updates that facilitated the enormous ransomware attack.
NBC News reporter Kevin Collier tweeted Thursday that Kaseya had obtained the decryptor key "from a trusted third party" the day before -- 19 days after the initial attack -- and was working with customers.
A Kaseya spokesperson confirmed in an email to SearchSecurity that Kaseya had obtained the key from an unnamed third party and that "after having it validated, we immediately began working with our customers." The spokesperson declined to answer questions about whether the receipt of the key involved a ransom payment made by Kaseya or a third party working on their behalf, nor whether they could share any additional information on the third party; the spokesperson cited "confidentiality reasons."
