The universal ‘decryptor’ that Kaseya offers to its customers to get their files back after a significant ransomware attack was not obtained by paying a ransom. That’s what the company says.
Kaseya, whose management software was exploited for one of the biggest ransomware attacks this year, released a universal key for customers last week. However, it was unclear for a long time how it got hold of that ‘decryptor’, and it still does.
But Kaseya does say it didn’t pay a ransom. REvil, the group behind the ransomware, previously asked $70 million for a universal key that could be used to unlock all encrypted files. More than a thousand companies were affected by the cyber attack.
“While it is up to each company to decide whether or not to pay the ransom, Kaseya has decided not to negotiate with the criminals who carried out this attack on the advice of experts,” the company said in a statement on its site. “We at this moment affirm in no uncertain terms that Kaseya has not paid any ransom to obtain the key, either directly or indirectly through any third party.”
The question remains where that mysterious key comes from. Kaseya teamed up with security firm Emsisoft to analyze and test the decryptor’s functionality. Its source, however, is unknown and is being treated with great restraint. Kaseya customers who want a free key from the company must first sign a nondisclosure agreement, news channel CNN reports.