[BreachExchange] Kaseya: We did not pay a ransom following cyber-attack

[Sophia Kingsbury]

channelweb.co.uk/news/4035074/kaseya-pay-ransom-following-cyber-attack

Kaseya has said it did not pay a ransom to cyber-criminals REvil following
a devastating cyber-attack on 2 July which impacted as many as 1,500
businesses worldwide.

REvil targeted Kaseya's VSA tool, which MSPs use to help monitor their
clients' networks, to spread malware through those that used its on-premise
servers.

Last week, Kaseya said it had obtained a "universal decryptor" to unlock
those affected by the attack but did not say how it had been obtained, only
that it had been from a third party.

But in its latest update, the company said: "Recent reports have suggested
that our continued silence on whether Kaseya paid the ransom may encourage
additional ransomware attacks, but nothing could be further from our goal.

"While each company must make its own decision on whether to pay the
ransom, Kaseya decided after consultation with experts to not negotiate
with the criminals who perpetrated this attack and we have not wavered from
that commitment.

"As such, we are confirming in no uncertain terms that Kaseya did not pay a
ransom - either directly or indirectly through a third party - to obtain
the decryptor."

Kaseya added that the decryptor has proven to  be "100 per cent effective
at decrypting files that were fully encrypted in the attack".

The company attracted criticism following the cyber-attack, while the Dutch
Institute for Vulnerability Disclosure claimed it had previously identified
the vulnerabilities used in the attack to Kaseya.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210727/8a4ba9d2/attachment.html>