Early July, a massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.

The REvil ransomware gang, aka Sodinokibi, targeted MSPs with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.

The company estimated that between 800 and 1,500 organizations received the ransomware, although some experts believe the actual number could be higher.

After the attack, the threat actors demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim’s network.

Buy Me A Coffee

The attackers delivered the REvil ransomware, which encrypted files on compromised systems and asked victims to pay a ransom to recover them. However, victims that have not already paid up will now get help from Kaseya, after the company obtained a “universal decryptor key.”

“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor,” Kaseya said.

it’s unclear how Kaseya got the decryptor, but the company said it was obtained from a “trusted third party.” Cybersecurity company Emsisoft verified the decryptor and confirmed that it works properly, Kaseya said.

The Tor-based website used by the REvil ransomware gang to name victims and leak stolen data went offline roughly ten days after the attack on Kaseya, and it’s currently still down.

Vietnamese Hackers Fuelling WhatsApp e-challan Scam in India: Report