Who us??? Kaseya says it hasn’t paid anybody for its ransomware decryption key

Graham Cluley
@gcluley

Who us??? Kaseya says it hasn't paid anybody for its ransomware decryption key

In its latest update on what it euphemistically calls a “VSA Security Incident”, but the rest of the world is more likely to call a “humungous ransomware disaster”, Kaseya says:

Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal. While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.

Fascinating.

So, Kaseya hasn’t paid anyone for the decryptor it managed to get its paws on last week.

So, who did get hold of the decryptor and how? Did someone in the REvil ransomware group have a pang of conscience and give up the decryptor for free? Or is there some other agency at work which managed to get hold of the decryptor via methods – as yet – uknown.

Let the speculation begin!

Sign up to our newsletter
Security news, advice, and tips.

In other news, Kaseya is asking customers hit by the ransomware attack to sign a non-disclosure agreement (NDA) if they wish to get their hands on the decryption key.

Of course, NDAs aren’t unusual, but it’s certainly a curious decision for a company that has inadvertently contributed to a large amount of chaos at its customers.

I wonder what made Kaseya decide that the optics would look better with it forcing an NDA on customers that have had their systems shafted with ransomware than a more transparent approach?

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.