In its latest update on what it euphemistically calls a “VSA Security Incident”, but the rest of the world is more likely to call a “humungous ransomware disaster”, Kaseya says:
Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal. While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.
Fascinating.
So, Kaseya hasn’t paid anyone for the decryptor it managed to get its paws on last week.
So, who did get hold of the decryptor and how? Did someone in the REvil ransomware group have a pang of conscience and give up the decryptor for free? Or is there some other agency at work which managed to get hold of the decryptor via methods – as yet – uknown.
Let the speculation begin!
In other news, Kaseya is asking customers hit by the ransomware attack to sign a non-disclosure agreement (NDA) if they wish to get their hands on the decryption key.
Of course, NDAs aren’t unusual, but it’s certainly a curious decision for a company that has inadvertently contributed to a large amount of chaos at its customers.
I wonder what made Kaseya decide that the optics would look better with it forcing an NDA on customers that have had their systems shafted with ransomware than a more transparent approach?