
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online
2021-08-11 15:34

Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted in last month's REvil ransomware attack on the company, which affected customers across 22 countries.

While it was first thought that the key could unlock all of the REvil attacks that occurred at the same time as the Kaseya one, it soon became clear to researchers that the decryptor - which appeared to some to be genuine - was only for the files locked in the Kaseya attack.

Late on July 22, Kaseya said it had obtained the master decryptor "through a third party," making it unclear if the company paid the $70 million in ransom REvil demanded for the attack.

Though Emsisoft would not comment at the time about its work to help Kaseya customers decrypt their files after the REvil attack, CTO Fabian Wosar did step forward on Twitter Tuesday to verify that the Kaseya master key published on the dark web was not for all the REvil attacks that happened concurrently.

"The leaked key generates public key F7F020C8BBD612F8966EFB9AC91DA4D10D78D1EF4B649E61C2B9ADA3FCC2C853. Therefore, the leaked key is not the operator private key."

At this point it's still unclear how the key made its way to an online forum, although some on Twitter are speculating that one of Kaseya's customers who used the key may be responsible.


News URL

https://threatpost.com/kaseyas-master-key-to-revil-attack-leaked-online/168565/