The universal decryption key for Kaseya has been leaked on a Russian hacking forum by hackers. An Ekranoplan-named user shared the screenshot for REvil infected files that look to be a universal decrypter. The tweet was also retweeted by a security researcher titled pancak3.
The Kaseya customers have been utilizing the tool for ransomware Universal Decryption to get files held hostage by the REvil. The very same media organization previously thought that all encrypted REvil files are the key works. The website has nevertheless reported that the other attacks of the renowned gang are not being carried out. The tool works rather only on the files of the Kaseya users.
The REvil ransomware organization has infiltrated the zero-day vulnerability, which encrypted Documents of roughly 1,500 enterprises, in the cyberattack on the VSA remote management application of Kaseya. The major attack paralyzed Kaseya customers' operation. Kaseya is the software automation supplier for the information technology industry with remote management tools.
The renowned ranking gang then asked for an incredible $70 million ransom to return the encrypted data through a universal decrypter tool. The key is to neutralize the threat actors' activities towards the victims by making the files available again. After this whooping demand, the gang suddenly disappeared.
On the web, the organization had left no record, as of July 13. The group is said to be 42 percent behind the new ransomware attacks.
It is important to mention that the abrupt disappearance of the renowned gang was carried out one day before the United States involving high authorities from the White House. and Russia discussed the surge in the ransomware cases.
Meanwhile, on July 22, Kaseya eventually got the decryption tool, to reverse its customer file encryption.
The Verge states that there are three ways in which Kaseya can get hold of the decryption tool: the US, Russia, or REvil itself. Nevertheless, these assumptions were neither confirmed nor denied by the IT business. Conversely, the Florida-based IT company said that it received the key from a "trusted third party."
In addition, Kaseya has provided its customers with the universal decryption tool but there is a twist - the corporation requires its customers to sign a non-disclosure agreement. While NDAs are routinely employed in cyberattacks, incorporating them in this process makes the incident a complete secret.