The American software company Kaseya, the victim of a ransomware cyberattack that affected organizations around the world, announced that it had obtained a decryption tool to unlock the networks of some 1,500 affected client companies.
The company, which provides IT services to some 40,000 companies in 20 countries, had shut down its servers after a cyberattack on July 2. The attack affected a range of businesses, from pharmacies to gas stations, in at least 17 countries and forced most of Sweden’s 800 Coop supermarkets to close their doors for days.
Thanks to the “third party tool”
“Kaseya obtained the tool from a third party and (…) teams are actively helping clients affected by the ransomware to restore their environments,” Kaseya said in a statement released Thursday. The company did not disclose the identity of the third party from which it obtained the decryption tool or indicate whether it paid the hackers. The hackers had demanded $70 million in bitcoins in exchange for the data stolen during the attack.
“Kaseya is working with Emsisoft,” a New Zealand antivirus specialist, “to support our efforts towards our customers, and Emsisoft has confirmed that the key is effective in unblocking victims,” the company added.
Russian hackers at the origin
A ransomware attack involves breaking into an entity’s networks to encrypt its data, then demanding a ransom, most often in bitcoins, in exchange for a decryption key that restores access to the data.
A Russian-speaking hacker group known as REvil claimed responsibility for the intrusion. After the cyberattack, US President Joe Biden asked his Russian counterpart, Vladimir Putin, to act against attacks carried out from Russia, warning that otherwise the United States would take “the necessary measures”, as these attacks become more and more frequent. Shortly after, in mid-July, several sites and pages linked to the REvil group suddenly disappeared from the Internet.