Kaseya did not pay ransom for decryptor, refused to ‘negotiate’ with REvil – Security
Kaseya did not negotiate with cyber criminals and pay a ransom following the REvil ransomware attack on July 2 which compromised about 60 MSPs and 1,500 end users.
On Monday, the vendor confirmed on its website that it “did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”
“While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment,” an update on its website stated. “Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal.”
The vendor last week obtained a REvil ransomware decryptor key that has helped unlock ransomed filed of some 1,500 impacted customers.
Colonial Pipeline paid US$4.3 million in ransom when it was hacked in May, but federal officials were able to seize majority of that ransom back.
Over the weekend, Kaseya’s incident response team and Emsisoft partners continued to assist customers restoring their data.
“The decryption tool has proven 100% effective at decrypting files that were fully encrypted in the attack,” the update stated. “Kaseya has maintained our focus on assisting our customers, and when Kaseya obtained the decryptor last week we moved as quickly as possible to safely use the decryptor to help our customers recover their encrypted data.”