Who us??? Kaseya says it hasn’t paid anybody for its ransomware decryption key

Who us??? Kaseya says it hasn't paid anybody for its ransomware decryption key

In its latest update on what it euphemistically calls a “VSA Security Incident”, but the rest of the world is more likely to call a “humungous ransomware disaster”, Kaseya says:

Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal. While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.

Fascinating.

So, Kaseya hasn’t paid anyone for the decryptor it managed to get its paws on last week.

So, who did get hold of the decryptor and how? Did someone in the REvil ransomware group have a pang of conscience and give up the decryptor for free? Or is there some other agency at work which managed to get hold of the decryptor via methods – as yet – uknown.

Let the speculation begin!

Sign up to our free newsletter.
Security news, advice, and tips.

In other news, Kaseya is asking customers hit by the ransomware attack to sign a non-disclosure agreement (NDA) if they wish to get their hands on the decryption key.

Of course, NDAs aren’t unusual, but it’s certainly a curious decision for a company that has inadvertently contributed to a large amount of chaos at its customers.

I wonder what made Kaseya decide that the optics would look better with it forcing an NDA on customers that have had their systems shafted with ransomware than a more transparent approach?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.