Kaseya, the Miami-based software company at the centre of a ransomware attack which affected thousands of other businesses, says it has “obtained a decryptor” to unlock the victims’ systems.
The firm said it “obtained the tool from a trusted third party” and has not commented on whether an extortion payment was made to the criminals behind the attack, which was tactically timed just ahead of the 4 July weekend in the US.
More than 1,000 businesses had critical files across their computer networks locked by the attack, which filtered down through software provided by Kaseya to its customers and then the networks of their customers again.
Ransomware: How does the criminal system work?
EXPLAINER
Mystery remains surrounding the incident, believed to have been perpetrated by a Russian-speaking cyber criminal organisation.
The attack on Kaseya was raised as an issue by President Joe Biden in a phone conversation with President Vladimir Putin, following a number of significant ransomware attacks on American companies including oil provider Colonial.
The world’s largest meat processing company, a Brazilian firm called JBS that processes a quarter of all beef in the US, paid a ransom worth $11m (£7.8m) to REvil following another ransomware attack in June.
Following the call between the US and Russian leaders, the online infrastructure for the criminal organisation that claimed to have perpetrated the Kaseya attack – known as REvil – including the website it used to communicate with victims and organise payments, disappeared without explanation.
A range of speculative explanations have been offered – from covert US government cyber activity through to a crackdown by Russian authorities – but no evidence is available to support or refute these scenarios.
