Kaseya offers universal decryptor to customers following ransomware attack

Hope it didn’t cost them $70 million…

Remember this?

70 million

Following a hard-hitting ransomware attack that impacted corporate customers of Kaseya, the REvil ransomware gang offered a universal decryptor for the eyewatering sum of $70 million worth of Bitcoin.

Yesterday, Kaseya announced that it had “obtained a universal decryptor key” and was making it available to customers who are attempting to recover their systems and data:

Kaseya has obtained a universal decryptor key.

On 7/21/2021, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident.

We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.

We remain committed to ensuring the highest levels of safety for our customers and will continue to update here as more details become available.

Customers who have been impacted by the ransomware will be contacted by Kaseya representatives.

Kaseya seems keen to indicate that it did not receive the decryptor directly from the REvil gang – but through a third-party instead.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, that doesn’t mean that the unnamed third-party didn’t act as a proxy, perhaps paying REvil for the all-important code. That wouldn’t be without precedent – as there are a number of firms who have no qualms about negotiating on behalf of ransomware-hit organisations with criminal gangs.

And even if that is the case, it doesn’t mean that $70 million has been paid. In fact, I find that highly unlikely. Even in the immediate aftermath of the attack, REvil made clear that it was prepared to negotiate on the price of a universal decryptor.


Furthermore, it’s possible that no money has been paid at all. Maybe REvil had a change of heart and decided to hand over a universal decryptor for free? (I doubt it…) Or maybe someone else managed to get hold of the decryptor through means which have not been made public as yet?

There’s more to this story, and I hope we find out what happened.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.