US software firm gets master decryption key after July 4 global attack

Published July 24, 2021
In this July 3 file photo, a sign reads: "Temporarily Closed. We have an IT-disturbance and our systems are not functioning", posted in the window of a closed Coop supermarket store in Stockholm, Sweden. — AP
In this July 3 file photo, a sign reads: "Temporarily Closed. We have an IT-disturbance and our systems are not functioning", posted in the window of a closed Coop supermarket store in Stockholm, Sweden. — AP

BOSTON: The Florida company whose software was exploited in the devastating Fourth of July weekend ransomware attack, Kaseya, has received a universal key that will decrypt all of the more than 1,000 businesses and public organisations crippled in the global incident.

Kaseya spokeswoman Dana Liedholm would not say Thursday how the key was obtained or whether a ransom was paid. She said only that it came from a trusted third party and that Kaseya was distributing it to all victims. The cybersecurity firm Emsisoft confirmed that the key worked and was providing support.

Ransomware analysts offered multiple possible explanations for why the master key, which can unlock the scrambled data of all the attack’s victims, has now appeared. They include: Kaseya paid; a government paid; a number of victims pooled funds; the Kremlin seized the key from the criminals and handed it over through intermediaries or perhaps the main attacker didn’t get paid by the gang whose ransomware was used.

The Russia-linked criminal syndicate that supplied the malware, REvil, disappeared from the internet on July 13. That likely deprived whoever carried out the attack of income because such affiliates split ransoms with the syndicates that lease them the ransomware. In the Kaseya attack, the syndicate was believed overwhelmed by more ransom negotiations than it could manage, and decided to ask $50 million to $70 million for a master key that would unlock all infections.

By now, many victims will have rebuilt their networks or restored them from backups.

It’s a mixed bag, Liedholm said, because some “have been in complete lockdown. She had no estimate of the cost of the damage and would not comment on whether any lawsuits may have been filed against Kaseya. It is not clear how many victims may have paid ransoms before REvil went dark.

The so-called supply-chain attack of Kaseya was the worst ransomware attack to date because it spread through software that companies known as managed service providers use to administer multiple customer networks, delivering software updates and security patches.

President Joe Biden called his Russian counterpart, Vladimir Putin, afterward to press him to stop providing safe haven for cybercriminals whose costly attacks the US government deems a national security threat. He has threatened to make Russia pay a price for failing to crack down, but has not specified what measures the US may take.

If the universal decryptor for the Kaseya attack was turned over without payment, it would not be the first time ransomware criminals have done that. It happened after the Conti gang hobbled Ireland’s national health care service in May and the Russian Embassy in Dublin offered to help with the investigation.

Published in Dawn, July 24th, 2021

Opinion

A decade of change & stagnation
Updated 20 Sep 2021

A decade of change & stagnation

Over a decade, three more women out of 100 aged between 19 and 39 have acquired college degrees, compared to only two more men.
All about life
Updated 20 Sep 2021

All about life

There is no shortage of issues on which the Single National Curriculum has stirred controversy.
‘Honourable men’
20 Sep 2021

‘Honourable men’

Is it ambition to support our athletes only after they bring us glory?
Concerns of proxy wars
Updated 19 Sep 2021

Concerns of proxy wars

A lobby in the US favours a plan for proxy warfare so that America can sustain its global influence.

Editorial

20 Sep 2021

Banking for women

AS the old adage goes, the proof of the pudding is in the eating. How far the new State Bank initiative —...
Off the red list
Updated 20 Sep 2021

Off the red list

There are aspects of coronavirus management, especially by developed nations towards those less so, that smack of discrimination.
20 Sep 2021

Exciting frontiers

HISTORY was made on Wednesday at the Kennedy Space Centre in Cape Canaveral. It was not the launch of the first, or...
Talking to the Taliban
Updated 19 Sep 2021

Talking to the Taliban

PRIME Minister Imran Khan has announced that he has started a dialogue with the Taliban for the formation of a...
New Zealand’s departure
Updated 19 Sep 2021

New Zealand’s departure

THERE was chaos and despair when New Zealand decided to call off their tour of Pakistan barely minutes before the...
19 Sep 2021

Crucial polio campaign

THE national vaccination campaign that kicked off in Khyber Pakhtunkhwa on Friday is being described by experts as...