When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
Kaseya has received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover files at no cost. Kaseya says they’ve obtained the decryptor from a third-party source but cannot identify the source. “We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” says Kaseya’s SVP of Corporate Marketing, Dana Liedholm.
Kaseya mentioned that they had the tool validated by another third-party source and are now relaying the decryption key to affected customers. The decryptor key works for every entity affected, MSPs and their customers included.
The REvil ransomware group that was responsible for this attack vanished from the internet after their attack. Many victims did not pay to decrypt their files, but in cases where victims needed to purchase the key, REvil could not supply it after disappearing.
According to BleepingComputer, multiple law enforcement agencies say they didn’t play a part in REvil’s operation shutting down. The reason for their stoppage remains cloudy, but some are speculating pressure from Russian leaders. BleepingComputer speculates Russia receiving the key from the REvil gang and passing it to US law enforcement as a friendly gesture.
From a business perspective, it’s important to note that the REvil gang likely won’t be finished with their endeavors. Whether they’re facing pressure from Russian leaders, or law enforcement, they’ll likely maneuver in order to continue attacks for financial gain. It’s possible the group will resurface in the next few weeks or months with a different alias to continue as a “new” operation.
Threat actors continue to be creative with their attack methods and abilities, and it’s because talent can be recruited easily across borders. This allows them to continue to add to their operations. Ransomware is a global issue and we understand that combating these global actors requires the high-level recruiting of technical engineers.
SpearTip’s Security Operations Center as a Service (SOCaaS) is the future of cyber protection for enterprise business. The service has the ability to scale with organizations of any size, structure, or industry. With the SOCaaS comes ShadowSpear, which is an endpoint detection and response tool that serves as a comprehensive solution with turnkey access to our world-class Security Operations Center.
Technology alone will not be able to give you the successful response you need to avert crisis situations. It helps tremendously with detection, but having a human with constant vision on your environment is what will truly provide the quickest and most precise response.
If your organization is experiencing a breach, call our response hotline at 833.997.7327.
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.