Kaseya's VSA product was attacked by a gang using the REvil ransomware service. The ransomware attack impacted 60 Kaseya customers and around 1500 downstream businesses. The Russia-linked REvil cybercrime group behind the breach demanded $70 million in BTC for the decryption tool. Nearly 10 days after the attack, Kaseya released fixes for three new security flaws.
Tool from a third party
On 21 July, Kaseya obtained a decryptor for victims of the REvil ransomware attack. The company confirmed that it obtained the tool from a third party, saying,
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.”
In addition to a decryptor for victims, the company will update VSA SaaS instances to remediate functionality issues and provide minor bug fixes. On 20 July, the VSA 184.108.40.20615 maintenance patch was updated.