
Kaseya’s universal decryption key leaked on Russian hacking forum

Kaseya’s universal REvil decryptor key has now been leaked on a Russian hacking forum. A user named Ekranoplan posted a screenshot of what appears to be a universal decryptor for REvil-infected files. A security researcher named pancak3 also tweeted about the post.

On July 2, Kaseya’s VSA supply chain was attacked by the REvil ransomware gang, effectively encrypting over 1500 businesses using Kaseya services. In response, Kaseya immediately shut down its SaaS servers and started working on a patch.

Later on, REvil demanded a mammoth $70 million in ransom for a universal decryptor that could unlock the files encrypted in the attack in under an hour.

The company announced on July 22 that it had received a universal decryption key from an unnamed “trusted third-party” and had started distributing it to affected customers, albeit with a non-disclosure agreement, as reported by CNN, which explains why the key was kept out of researchers’ hands until now.

Although the actual source of the decryptor is still unknown, it’s believed that Russian intelligence obtained the decryptor from REvil and handed it over to US authorities as a gesture of goodwill.


Is the REvil nightmare for Kaseya over?

With REvil’s mysterious disappearance and Kaseya still struggling to solve the problem, the situation wasn’t looking good for the company. However, this new decryptor seems to have saved the company a lot of headaches.

A screenshot of the decryptor posted on the hacking forum.

However, from the screenshot, it’s clear that this decryptor is only for files associated with the Kaseya attack and not a master operator key for all REvil attacks. This was confirmed by Emsisoft CTO and ransomware expert Fabian Wosar as well.

Another security firm, Flashpoint, also confirmed that they could decrypt files encrypted as part of the REvil ransomware attack. It’s still not clear why the key was posted on a hacking forum. However, as reported by BleepingComputer, the poster is more likely to be affiliated with REvil rather than being a victim.

Regardless, this is the first time independent researchers and those unaffected by the entire REvil-Kaseya fiasco can take a look at this universal decryptor that Kaseya obtained. The screenshot was posted to a GitHub repository, and you can find it here.
