19 days after REvils ransomware attack on Kaseya VSA systems, theres a fix

Just ahead of the July 4th holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The outfit behind the attack, REvil, initially requested a $70 million ransom and claimed to have locked down millions of devices. That was before REvil suddenly went offline on July 13th, disconnecting its servers, abandoning forums, and shutting down a page on the dark web used to communicate with victims.

Now, Kaseya says it has obtained a universal decryptor from a “third party” that can restore data encrypted during the attack. The company has not said how it came by this technology, telling Bleeping Computer that it could not confirm or deny any ransom payment had occurred.

Continue reading…