Kaseya has received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover files at no cost. Kaseya says they’ve obtained the decryptor from a third-party source but cannot identify the source. “We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” says Kaseya’s SVP of Corporate Marketing, Dana Liedholm.

Kaseya mentioned that they had the tool validated by another third-party source and are now relaying the decryption key to affected customers. The key works for every entity affected, MSPs and their customers included.

The REvil ransomware group that was responsible for this attack vanished from the internet after their attack. Many victims did not pay to decrypt their files, but in cases where victims needed to purchase the key, REvil could not supply it after disappearing.

According to BleepingComputer, multiple law enforcement agencies say they didn’t play a part in REvil’s operation shutting down. The reason for the shutdown remains unclear, but some speculate that it followed pressure from Russian leaders. BleepingComputer speculates that Russia received the key from the REvil gang and passed it to US law enforcement as a friendly gesture.

From a business perspective, it’s important to note that the REvil gang likely won’t be finished with their endeavors. Whether they’re facing pressure from Russian leaders, or law enforcement, they’ll likely maneuver in order to continue attacks for financial gain. It’s possible the group resurfaces in the next few weeks or months with a different alias to continue as a “new” operation.

Threat actors continue to be creative with their attack methods and abilities because talent can be recruited easily across borders, which allows them to keep adding to their operations. Ransomware is a global issue, and we understand that combating these global actors requires the high-level recruiting of technical engineers.

SpearTip’s Security Operations Center as a Service (SOCaaS) is the future of cyber protection for enterprise business. The service has the ability to scale with organizations of any size, structure, or industry. With the SOCaaS comes ShadowSpear, which is an endpoint detection and response tool that serves as a comprehensive solution with turnkey access to our world-class Security Operations Center.

Technology alone will not be able to give you the successful response you need to avert crisis situations. It helps tremendously with detection, but having a human with constant vision on your environment is what will truly provide the quickest and most precise response.

If your organization is experiencing a breach, call our response hotline at 833.997.7327.