[MART] - Daily Diary #310 - Kaseya Receives The REvil Ransomware Universal Decryptor

CTAS-MAT ctas-mat at appgate.com
Thu Jul 22 22:49:59 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

07/22/2021 - Diary entry #310:

As covered in our recent Daily Diaries (#307, #298 and #297), the supply-chain attack on Kaseya on-premises VSA appliances now has an interesting outcome. Today, Kaseya announced that they received the universal decryptor for the ransomware attack from a trusted third party and are now distributing it to their affected customers.

The attack was carried out on July 2nd through a zero-day vulnerability in the Kaseya VSA remote management application, enabling the threat actor to encrypt approximately sixty MSPs and around 1,500 businesses. After the attack, the group was offering their decryptor for $45k USD for each victim (or $70 million USD for a universal decryptor).

In our Daily Diary #307 we covered that the cybercrime group behind the attack, also known as Sodinokibi, has been offline since July 13th. This disappearance is still a mystery, and the decryptor release raises even more questions. It's not clear whether Kaseya paid a third party for the universal decryptor, or whether this decryptor release is related to the shutdown of the websites.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
