Kaseya Inc. has released a new tool that allows companies to restore data that has been encrypted by ransomware attacks. Kaseya Vault for Ransomware Protection is a free, downloadable Windows-based application that can determine if a computer has been infected with ransomware, and if so, provides the ability to restore encrypted files. Kaseya Vault provides a way for organizations to simplify the process of restoring their own data, allowing them to quickly restore files at the point of attack.
Kaseya, an IT services provider, announced this week that it has developed a tool to help companies unlock and protect their data after a ransomware attack on their systems. Kaseya’s new “Security Cloud” combines a large number of security modules in a single, easy-to-use platform that allows organizations to manage their security proactively and reactively. The software, which can be deployed in a short time after attacks, has been designed to be compatible with multiple third-party security tools.
This month, the technology company at the heart of a ransomware assault claimed it had acquired a tool to decrypt data targeted by hackers in the event, which affected hundreds of businesses across several nations.
Kaseya Ltd., based in Miami, announced on Thursday that it had received a universal decryptor that would aid in the restoration of all computer systems affected by the July 2 hack of one of its products, which served as a launchpad for hackers to gain access to New Zealand schools, a Dutch information-technology firm, and other organizations. The ransomware gang responsible for the assault wanted $70 million for such a tool at first.
The source of the decryptor was characterized as a trustworthy third party by Kaseya spokesperson Dana Liedholm, who declined to elaborate or comment on whether a ransom was paid.
Ms. Liedholm said, “We are actively and effectively utilizing the technology to assist those clients impacted by the ransomware.”
Kaseya’s virtual system administrator software, which helps customers administer their computer networks, was the focus of the assault. Over the last ten days, the company has issued a series of upgrades to the program in the hopes of limiting the harm caused by the breach.
The Biden administration claims to be taking a more aggressive stance against ransomware, bolstering cyber standards for federal contractors and disrupting transactions used to launder ransom payments, as well as increasing public pressure on Russia, which it claims provides a safe haven for hacking groups. Such allegations have been refuted by the Kremlin.
In June, Director of the Federal Bureau of Investigation Christopher Wray told The Wall Street Journal that authorities might assist some victims in restoring their computers without involving hackers.
“I don’t want to imply that this is the norm,” he added, “but there have been cases where we’ve been able to work with our partners to discover the encryption keys, allowing a business to really release their data—even without paying the ransom.”
It’s unclear if officials gave Kaseya the decryptor on Wednesday. The FBI confirmed that it is looking into the Kaseya hack, but declined to comment further. A request for comment from the National Security Council was not immediately returned.
The Kaseya incident, which occurred amid a series of breaches that affected US infrastructure, marked an uptick in ransomware techniques, according to cyber specialists. Hackers attacked a technological service provider and disseminated ransomware to its customers and their clients, compromising the digital supply chain indiscriminately.
According to business authorities, the first breach of Kaseya’s software enabled hackers to reach dozens of clients that used it, including other service providers. The attackers then exploited those access points to get into the computer networks of up to 1,500 victims, putting a burden on cybersecurity experts who have been dealing with a rise in ransomware this year.
“Managed service providers and small-to-medium [sized] companies have been working overtime for nearly three weeks now to recover and restore systems,” said John Hammond, senior security researcher at cyber company Huntress Labs Inc., which is investigating the assault.
Kaseya obtained the decryptor more than a week after REvil, a well-known criminal organization suspected of being behind the breach, went silent. The absence perplexed cybersecurity experts and left in the lurch victims who had been negotiating with the group, not only Kaseya-related victims.
On July 13, ransom negotiators from the cyber company GroupSense were in negotiations with REvil on behalf of a hacked law firm when they discovered its infrastructure was down, according to CEO Kurtis Minder. REvil’s victim chat forums and the “Happy Blog,” which published stolen data, were also offline, he added.
Mr. Minder refused to identify the law firm, which was not a Kaseya victim and had planned to pay REvil for a decryption key in lieu of adequate backups of its data. Mr. Minder and other cyber experts who deal with such victims are now wondering whether Kaseya’s decryption key will work for them as well.
According to cyber experts, decryptors often may not recover data as quickly or completely as victims would want. According to Mike Hamilton, chief information security officer of Critical Insight Inc., a company that is assisting REvil victims, the Kaseya tool may help other organizations that have been impacted by the gang’s assaults.
“We’d certainly want a copy if the key is really universal,” he remarked on Thursday.
—This essay was co-written by James Rundle and Dustin Volz.
David Uberti can be reached at email@example.com.
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.