Home Vulnerabilities Kaseya obtains REvil decryptor, starts sharing it with afflicted customers • The...

Kaseya obtains REvil decryptor, starts sharing it with afflicted customers • The Register

Software-for-services providers business Kaseya has obtained a “universal decryptor key” for the REvil ransomware and is delivering it to clients.

A brief Thursday update to the company’s rolling security advisory states the company received the key on July 21st.

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” the update states.

The update doesn’t reveal the source of the decryptor, but did say Kaseya had enlisted the help of a security services outfit named Emsisoft to help its customers cleanse their systems of malware.

Customers who need that help will hear from Kaseya.

The decryptor will doubtless be welcome, as flaws in Kaseya’s VSA module saw at least 50 Kaseya users compromised. As many of those customers were managed services providers, around 1500 organisations fell victim to the REvil ransomware. US President Joe Biden called on Russia to get ransomware purveyors operating from its soil under control in the wake of the incident, and the operators of REvil mysteriously disappeared from the internet within two days of that call.

Something that has not disappeared is the need for Kaseya customers to keep patching their software, as the company has issued two further patches in recent days.

Release was progressively applied to SaaS instances from July 17th and was offered to on-prem users on July 20th. The release addressed “functionality issues caused by the enhanced security measures put in place and provides bug fixes”.

The bugs quashed in the update are not security related.

A further Quick Fix Engineering Release issued on July 22nd is security related, as one of the things it fixes is “an issue where Anti-Virus and Anti-Malware clients failed to install or uninstall”. ®

Source link


New infosec products of the week: July 23, 2021

Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks Stellar Cyber introduced a...

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained...

Cyber-attacks really ramp up after Halloween – so why not start preparing now? • The Register

Promo Whisper it softly, but we’re fast forwarding through the second half of 2021, which means the holiday shopping season – and accompanying...

Most Popular

‘Critical Severity’ Warning for Malware Embedded in Popular JavaScript Library

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close...

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over...

Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Threat Roundup for October 15 to October 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post...

Recent Comments