Security News > 2021 > August > Decryption Key for Ransomware Delivered via Kaseya Attack Made Public
A key that can be used to decrypt files encrypted by the REvil ransomware delivered as part of the Kaseya attack has been made public.
According to threat intelligence company Flashpoint, an individual using the online moniker "Ekranoplan" recently claimed on a hacker forum that they had obtained a decryption key for the REvil ransomware.
Flashpoint has tested the leaked key and confirmed that it can be used by victims of the Kaseya attack to recover files encrypted by the ransomware.
Several people have confirmed on Twitter that the key works for decrypting files encrypted by the REvil variant used in the Kaseya attack.
While the decryption key might still be useful to some victims, organizations hit by the Kaseya attack should have received a universal decryptor from Kaseya itself last month.
The individuals behind the attack initially offered a universal decryptor that could be used by all Kaseya victims for $70 million, and the amount was later reportedly brought down to $50 million.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue (source)