US IT management software supplier Kaseya has received the ‘key’ that will allow more than 1,000 companies worldwide to get back into their systems after they were taken hostage in early July. The ransomware attack then came from the hacker group REvil, which penetrated its customers’ systems through Kaseya and then demanded a $70 million ransom.
Kaseya spokesman Dana Liedholm told AP news agency today that the key was received, without saying how it was done or whether a ransom was paid. The key came to the Miami-based company via “a trusted third party” yesterday, was all she wanted to get rid of.
Analysts are now pondering the possible scenarios in which Kaseya obtained the key to the files held hostage. The attack was attributed around July 2 to a group of criminals linked to Russia called REvil. Dutch companies also fell victim to REvil, which asked for 70 million dollars a few days after the hack, so that everyone could recover the consequences of the attack ‘in less than an hour’. Did Kaseya pay? Has a government paid? Did some of the victims jointly collect money? After all the international pressure (including from the US) the Kremlin intervened and provided the key via-via?
Or has the hacking group itself thrown in the towel? On July 13, the group suddenly seemed to have disappeared from the internet. The website where the cyber gang publishes little bits of stolen data from victims as a means of pressure was down and the members of the group suddenly went silent on various forums.
Many small businesses suffer
The ransomware was distributed via so-called VSA software from the American software supplier Kaseya. VSA is widely used by IT service providers, who use this program to remotely maintain and manage their customers’ systems. Kaseya has about 37,000 customers. The company estimated in July that about 50 to 60 percent of those were infected by the ransomware. Small businesses, such as dental practices and libraries, were particularly affected, it was suspected.
It is likely that most victims of the attack have since rebuilt their networks and/or restored them from backups. According to spokesperson Liedholm, situations differ per company. “Some have really shut everything down since then.” She couldn’t estimate the damage, nor would she comment on whether customers are preparing lawsuits against Kaseya. It is also unclear whether victims of the attack paid ransoms before REvil disappeared.
The hacking group would also be behind the hack at the American meat processing company JBS in June, which shut down a significant part of the American meat processing industry. The company paid a ransom of $11 million after the cyber attack.
Also read: Dutch volunteers came close to preventing a global cyber attack by Russian criminals (Premium)
Watch our tech videos below:
Free unlimited access to Showbytes? Which can!
Log in or create an account and never miss a thing from the stars.
Software giant receives ‘key’ after global cyber attack in which hackers demanded 70 million | Tech
Source link Software giant receives ‘key’ after global cyber attack in which hackers demanded 70 million | Tech